Support parameterized RBAC
F21 opened this issue · comments
It would be nice to support parameterized RBAC. This would allow the ability to define fine-grained roles and permissions to support things like object level permissions and roles.
Here's a django implementation: https://github.com/dimagi/django-prbac
I've studied the mechanism of PRBAC, and it's really more flexible with parameters. However, Golang and Python(at least Django) based on different principle and design practices, which means I need redesign the parameter RBAC to fit Golang. Furthermore, goRBAC is always intended to design as a noninvasive library.
I wonder what if the permission
is turned into a structure, e.g.:
type Permission []string
Then it's possible that checking the privilege like this:
p := Permission{"admin", "article", "add"}
rbac.IsGranted(NOTEXISTS, p, nil)
As thus we will have a level based permission system.
Of cause modification of the current API will be needed, it's an other important thing we must consider carefully.
Or maybe it might be possible to define functions as an interface for permissions just like there is for roles. That way the user of your library could implement how permissions work and if extra functionality is required they can type cast to their implementation. You could do a roles := map[string][]Permission
where
type Permission interface {
...
}
Just a thought
Yes, it's right way. interface
is better than struct
.
I'v opened a new branch for this.
@mikespook any thoughts on when you might release this under master. Or is it ok to use the redesign branch?
There is a dilemma design which has to be solved. The permission part has already completed. I'm working on the test cases of Role
recently. However, the progress isn't as fast as I thought. There is some personal stuff need to be done for me.
Now you can implement your own Permission:
type Permission interface {
Id() string
Match(Permission) bool
}