Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 01:30
    kocoler commented #626
  • 01:26
    kocoler synchronize #626
  • 01:25
    kocoler synchronize #626
  • 00:56
    hsluoyz commented #626
  • Oct 19 16:38
    kocoler synchronize #626
  • Oct 19 16:38
    kocoler opened #626
  • Oct 17 22:14
    SPopenko commented #545
  • Oct 17 13:52
    nodece review_requested #625
  • Oct 17 13:52
    nodece review_requested #625
  • Oct 17 13:52
    nodece opened #625
  • Oct 16 01:15
    hsluoyz commented #624
  • Oct 15 16:39
    Fi5t edited #624
  • Oct 15 16:38
    Fi5t opened #624
  • Oct 15 08:01
    nodece reopened #613
  • Oct 15 07:43
    00LT00 commented #613
  • Oct 15 07:42
    00LT00 commented #613
  • Oct 15 02:02
    hsluoyz commented #619
  • Oct 15 01:43
    github-actions[bot] labeled #620
  • Oct 15 01:43
    github-actions[bot] commented #620
  • Oct 15 01:43

    github-actions[bot] on v2.14.2

    (compare)

JAgrit20
@JAgrit20
I am talking about the Casbin website https://github.com/casbin/casbin-website/tree/master/website/
issue
Yang Luo
@hsluoyz
@JAgrit20 the website is deployed at: https://github.com/casbin/casbin.github.io
I'm sure you can get CSS there
JAgrit20
@JAgrit20
as this is the repo i have create the issue
so like now i have solve the issue in this repo
https://github.com/casbin/casbin.github.io
so shall i create the pull request there (casbin.github.io) or casbin-website?
Yang Luo
@hsluoyz
https://github.com/casbin/casbin.github.io this is an automatically generated repo
JAgrit20
@JAgrit20
oh,so but the change i made in main.css which is in casbin.github.io i have not change anything in https://github.com/casbin/casbin-website
i have changed in https://github.com/casbin/casbin.github.io
so how can i make a pull request in https://github.com/casbin/casbin-website
Yang Luo
@hsluoyz
Our site is built on top of Docusaurus
See how Docusaurus works
JAgrit20
@JAgrit20
ok
JAgrit20
@JAgrit20
sorry, one last question if I do changes directly in https://github.com/casbin/casbin.github.io it won't solve the purpose?
Yang Luo
@hsluoyz
No
https://github.com/casbin/casbin.github.io this is an automatically generated repo
JAgrit20
@JAgrit20
yeah got that thanks
Ali Khan
@alikhan866

@hsluoyz here is a demo site https://casbin-role-mgt-ui-rbac.web.app/

yes table is based in material design

Ali Khan
@alikhan866
please use this url instead https://casbin-rbac-ui.web.app/
the last deployment had a slight bug forgot to replace localhost :P sorry
Yang Luo
@hsluoyz
@alikhan866 great! Can you add it to the official list? https://casbin.org/docs/en/admin-portal
Ali Khan
@alikhan866

Hi! i created a PR casbin/casbin-website#130

is this okay ?

@hsluoyz
Yang Luo
@hsluoyz
@alikhan866 it looks good!
already merged
JAgrit20
@JAgrit20
@hsluoyz I have created a pull request please see
JAgrit20
@JAgrit20
Please review my pull request for issue #129
Dominik Schmidt
@dschmidt

Hey,

I'm currently evaluating casbin for a project I'm working on. I've created a policy.csv for the standard RBAC model and it looks like this:

p, alice, group_1, read

g, alice, users
g2, /group/1/item/:id, group_1

Afterwards a call to ok, err = e.Enforce("alice", "/group/1/item/3", "read") succeeds ... yay, that's a pretty good start!

But when I do casbin.CasbinJsGetPermissionForUser(e, "alice")there's no trace of the item role and on the frontend side I cannot make use of this. Is there a way to make this work or is this a known limitation? Where would be a proper place to discuss options to resolve this? If it's a reasonable amount of work I'd be happy to contribute.

Dominik Schmidt
@dschmidt
diff --git a/frontend.go b/frontend.go
index ce37aaa..96849fe 100644
--- a/frontend.go
+++ b/frontend.go
@@ -25,7 +25,18 @@ func CasbinJsGetPermissionForUser(e *Enforcer, user string) ([]byte, error) {
        }
        permission := make(map[string][]string)
        for i := 0; i < len(policy); i++ {
-               permission[policy[i][2]] = append(permission[policy[i][2]], policy[i][1])
+               role := policy[i][1]
+               action := policy[i][2]
+
+               permission[action] = append(permission[action], role)
+
+               subRoles, err := e.GetUsersForRole(role)
+               if err != nil {
+                       return nil, err
+               }
+               for j := 0; j < len(subRoles); j++ {
+                       permission[action] = append(permission[action], subRoles[j])
+               }
        }
        b, _ := json.Marshal(permission)
        return b, nil
Makes CasbinJsGetPermissionForUser(...) return {"read":["group_1","/group/1/item/:id"]} - so at least one level of inheritance would be supported. Is that something you'd want upstream or rather not?
Yang Luo
@hsluoyz
@dschmidt Hi, are you trying to implement authorization in Javascript frontend?
Dominik Schmidt
@dschmidt
@hsluoyz yeah, exactly. Of course it doesn't replace server side authorization, but it would be nice to know which buttons to show or hide
Dominik Schmidt
@dschmidt

@hsluoyz I'm very new to casbin, in fact I'm just checking it out and playing around with it.

So it's very hard for me to overview all possible configurations, code paths and performance implications. The diff above is just a quick "works for me" poc, that's why I'm looking for feedback what can be done and what shouldn't :)

and also on how mature the feature is actually considered to be, from the commit history of casbin.js and the frontend.go file, it looks like it's rather young
Is there any work planned on it?
Dominik Schmidt
@dschmidt
aah, it's a gsoc project :) casbin/casbin.js#12
Yang Luo
@hsluoyz
Yes. We developed Casbin.js in GSoC
We are still improving it, if you can provide any feedback and send issues, we can know how to improve.
Dominik Schmidt
@dschmidt

@hsluoyz Yeah, cool. What do you think of my use case above?
Does it make sense to build that kind of role system? Does it make sense to use subroles for determining permissions?

A few issues I noticed for which I can open issues:

  • CasbinJsGetPermissionForUser() does not accept SyncedEnforcer instances
  • CasbinJsGetPermissionForUser() does not handle .eft, so denying actually allows actions here
Dominik Schmidt
@dschmidt
@hsluoyz I've written down my thoughts in a lengthy :sweat_smile: ticket :-)
casbin/casbin#604
Duc Hoang
@duchoang
Hello all, could someone help me in the online editor, how could I run the request to see the enforcement result?
Duc Hoang
@duchoang
nvm, I found the button to run the test
Yang Luo
@hsluoyz
Great!\
Sanchit Arora
@tichnas
Hi, I'm Sanchit and looking to start contributing to Open Source Orgs. I know ExpressJs, Javascript, C++ and decently comfortable in Python, Java and Typescript.
Which will be the best repo for me to start contributing to Casbin?
I'm also a GSoC2021 aspirant so preferably a repo which will help me in long run.
Thanks :)
2 replies
Dumindu Madunuwan
@dumindu

Hi,
About SavePolicy()method on Adapter interface and existing DB adapters?

As I saw in the existing DB adapters, SavePolicy()method triggers

  • Drop Table
  • Create Table
  • Save all policies from e

If we use a single DB for both our app & Casbin and if we migrate and seed initial casbin_rules table data via our app,

  1. which functionalities need to be added to SavePolicy() method?
  2. When SavePolicy() method need to be triggered?
  3. Why we can not rely on only LoadPolicy(), AddPolicy() and RemovePolicy() without dropping all DB data and recreate all, which is quite risky.

Thank

Yang Luo
@hsluoyz
@dumindu hi, if you use an adapter that supports Auto-Save, you can avoid using SavePolicy()
AddPolicy() and RemovePolicy() are enough
Dumindu Madunuwan
@dumindu
@hsluoyz Thanks for the response. Keep up the good work 👍
Sharukh Mastan
@Sharukh_Mastan_twitter
Guys I have a doubt regarding my policy
1 reply
Matti Sironen
@Barael__twitter
Hi guys, I have a question about Enforcer behaviour during syncing. I have multiple APIs where I use Redis Watcher to keep the policies synchronized between them. Now, it seems that when I make policy changes in API 1 and then make concurrent calls to API 2, all the Enforce methods fail until the API 2 has finished handling all the Update messages from the Watcher. Only explanation I can think of is that once API 2 gets an Update message from the Watcher, it sets the Enforcer in some kind of auto-fail mode until the Update message(s) are handled. Is this correct?
Yang Luo
@hsluoyz
@Barael__twitter what is API 1 and API 2?