staart / api

🏁🛠️ SaaS backend & API framework based on @nestjs


Authorization Model: Where did Casbin go?

L-U-C-K-Y opened this issue · comments

commented

Hi all

Found this project and was reading through the readme and repo.

I noticed that the readme says that Casbin is used for authorization, but I cannot find any reference in the code.
Has it been removed again?

If yes, could I ask for the reasoning behind it, have you found a more suitable option?

Thanks!

@L-U-C-K-Y I think it has gone after this V3 PR: #1475

Thanks for opening this issue, @L-U-C-K-Y! Yes, until v3, we were using Casbin to manage permissions, but now we're doing everything using scopes in v4. I find this much simpler because scopes can have wildcards and you can have as many or as few associated with a user or API key.

For example, if a user (with user ID 10, for example) has the scope user-10:delete, this user can delete itself. If you're an admin, you might have the scope user-*:delete, meaning that you can delete all users, or user-*:*, meaning that you can do anything to users, or even *.

The default scopes are available at https://github.com/staart/api/blob/v4.0.2/src/helpers/scopes.ts.
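To make the scope model described above concrete, here is an added example of a wildcard scope matcher. It is not the staart/api project's own code and does not reproduce its `scopes.ts`; it assumes scopes have the shape `<resource>:<action>` as in the thread (`user-10:delete`, `user-*:delete`, `user-*:*`, `*`), that `*` stands for any run of characters inside one `:`-separated segment, and that a bare `*` grant covers everything. The function names (`scopeMatches`, `hasScope`) and the sample grant lists are constructed for this example.

```typescript
// Added example (not staart/api code): matching a required scope such as
// "user-10:delete" against a list of granted scopes that may contain "*".

/** Escape regex metacharacters in a literal scope fragment. */
function escapeRegex(fragment: string): string {
  return fragment.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
}

/** True if one granted segment (glob with "*") covers one required segment. */
function segmentMatches(grantedSegment: string, requiredSegment: string): boolean {
  // Split on "*" so only the literal pieces are escaped, then rejoin with ".*".
  const pattern = grantedSegment.split("*").map(escapeRegex).join(".*");
  return new RegExp(`^${pattern}$`).test(requiredSegment);
}

/** True if a single granted scope covers the required (concrete) scope. */
export function scopeMatches(granted: string, required: string): boolean {
  // The required scope is what a handler asks for; it must be concrete so a
  // caller cannot widen a check by passing a wildcard on the "required" side.
  if (required.includes("*")) {
    throw new Error(`required scope must be concrete, got "${required}"`);
  }
  if (granted === "*") {
    return true; // the catch-all grant from the thread ("or even *")
  }
  const grantedSegments = granted.split(":");
  const requiredSegments = required.split(":");
  // Wildcards never span the ":" separator, so "user-*:delete" does not
  // accidentally cover a differently shaped scope like "user-3:read:delete".
  if (grantedSegments.length !== requiredSegments.length) {
    return false;
  }
  return grantedSegments.every((seg, i) => segmentMatches(seg, requiredSegments[i]));
}

/** True if any scope attached to the user or API key covers the required scope. */
export function hasScope(grantedScopes: readonly string[], required: string): boolean {
  return grantedScopes.some((granted) => scopeMatches(granted, required));
}

// Constructed sample grants mirroring the examples in the thread.
export const SELF_ONLY: readonly string[] = ["user-10:delete"]; // user 10 may delete only itself
export const USER_ADMIN: readonly string[] = ["user-*:delete"]; // may delete any user
export const USER_SUPER: readonly string[] = ["user-*:*"];      // may do anything to users
export const ROOT: readonly string[] = ["*"];                   // may do anything at all

/** Small driver returning which sample grant lists cover a given scope. */
export function whoCan(required: string): string[] {
  const table: Array<[string, readonly string[]]> = [
    ["SELF_ONLY", SELF_ONLY],
    ["USER_ADMIN", USER_ADMIN],
    ["USER_SUPER", USER_SUPER],
    ["ROOT", ROOT],
  ];
  return table.filter(([, grants]) => hasScope(grants, required)).map(([name]) => name);
}
```

One thing worth checking in any implementation of this model: a wildcard in the middle of a segment is broader than it looks. A grant of `user-1*:delete` covers `user-1`, `user-10` and `user-123`, so grants should be written with the wildcard replacing a whole identifier, and a review of configured grants should look for partial-prefix wildcards.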

commented

Thanks @AnandChowdhary for elaborating!

Hi @AnandChowdhary

> For example, if a user (with user ID 10, for example) has the scope user-10:delete, this user can delete itself. If you're an admin, you might have the scope user-*:delete, meaning that you can delete all users, or user-*:*, meaning that you can do anything to users, or even *.

I think the wildcards can also be supported by Casbin via the keyMatch() and regexMatch() functions: https://casbin.org/docs/en/function#functions-in-matchers