Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 06:04
    sasakiyori commented #1116
  • 03:26
    sasakiyori commented #1116
  • Nov 30 16:04

    hsluoyz on master

    docs: updated link (#1148) * U… (compare)

  • Nov 30 16:04
    hsluoyz closed #1148
  • Nov 30 13:50
    casbin-bot review_requested #1148
  • Nov 30 13:50
    casbin-bot commented #1148
  • Nov 30 13:50
    r4wand opened #1148
  • Nov 30 13:42
    hsluoyz commented #1146
  • Nov 30 13:40
    r4wand commented #1146
  • Nov 30 13:39
    hsluoyz commented #1146
  • Nov 30 13:38

    hsluoyz on master

    docs: updated broken links in R… (compare)

  • Nov 30 13:38
    hsluoyz closed #1146
  • Nov 30 13:38
    hsluoyz edited #1146
  • Nov 30 13:33
    r4wand commented #1146
  • Nov 30 13:33
    CLAassistant commented #1146
  • Nov 30 13:29
    hsluoyz commented #1146
  • Nov 30 13:05
    r4wand edited #1146
  • Nov 30 13:00
    CLAassistant commented #1146
  • Nov 30 13:00
    casbin-bot review_requested #1146
  • Nov 30 13:00
    casbin-bot commented #1146
Zak Z
@Z4k_Z_twitter
2345
Zak Z
@Z4k_Z_twitter
if not user.is_admin:
...
else:
enforcer = self.get_casbin_enforcer()
    # sub, obj, act
    if not enforcer.enforce(uid, path, method):
        raise AuthorizationError(status_code=401)
Subhasis Dasgupta
@dsubhasis
Hi, I'm new to this group. Can anyone help me understand how I could implement row-level security using the Casbin? I'm using fast-API and SQL ORM, and a Microsoft SQL server
jackj-ohn1
@jackj-ohn1
the model based on RBAC can't use some functions to identify the user's power, isn't it? please help me
I use "g , user,normal" in my csv file .However, the function HasRoleForUser("user","normal") return false
Shivansh Yadav
@Shivansh-yadav13
Screenshot from 2022-06-28 12-07-33.png
I suggest please remove this from node-casbin, it should not be there when rebasing
hsluoyz
@hsluoyz
@Shivansh-yadav13 good point, who add this? Can you do a git-blame?
which commit or PR
Shivansh Yadav
@Shivansh-yadav13
@hsluoyz it's this commit casbin/node-casbin@d84e343
adarsh-007
@adarsh-007
can we have a custom model for rbax
rbac
ale7canna
@ale7canna

Hi guys. We are evaluating the usage of Casbin in order to improve our authorization strategy.
We have a few use-cases already in mind, but we are struggling finding the right casbin setup in order not to have millions of policies.

Is this the right place to ask for help??
Thanks!

hsluoyz
@hsluoyz
@ale7canna take a look at: https://casbin.io/docs/performance
@adarsh-007 yes
ale7canna
@ale7canna
@hsluoyz thanks for your answer. We already had a look at the documentation and the performance page, too. Is there any way we can deepen our use case in order to get your help/hints? Should I open a github issue?
hsluoyz
@hsluoyz
@ale7canna sure
1 reply
Sujit Baniya
@sujit-baniya
Hello, Can anyone suggest me how to define model for user with following role structure.
user_id, domain_id, organization_id, role_id
19 replies
damonyoda
@damonyoda
hi i would like to know if it is possible for me to add perhaps a extra column (client_id) in the casbin_rule table so that clients may create their own roles and adjust the permission on permitted modules accordingly? would be great for me to be able to show all the corresponding roles by the client_id actually
Sekar
@sekarcse
Hi
I am new to CASBIN
My require is to run CASBIN middle ware for .NET microservices in k8s
Could you any one help me on this, how this can be achieved
Товарищ программист
@ComradeProgrammer
@sekarcse 1. You can see https://github.com/casbin/k8s-gatekeeper for more details. 2. Could you please describe what kind of constraints you want to apply to K8s?
5 replies
Ghost
@ghost~630651486da03739849bbaa0
Hello everyone, I would like to how to setup model & policy to provide authorization based on User Roles and Restful Action
hsluoyz
@hsluoyz
@kiran1235 plz ask specific question
damonyoda
@damonyoda
hi i would like to know if it is possible for me to add perhaps a extra column (client_id) in the casbin_rule table so that clients may create their own roles and adjust the permission on permitted modules accordingly? would be great for me to be able to show all the corresponding roles by the client_id actually
archer-fate
@archer-fate
hello everyone, in casbin-go , is there any method i can use to delete some roles in domain , my mode is rbac in domain
Shivansh Yadav
@Shivansh-yadav13
@archer-fate you can use removeFilteredPolicy method
Jonathan Wang
@jwanggg
Hi, I was wondering for the enforce method, was there a way to know why it returned false, etc wrong subject, object or action or something like that
Weatherman13
@Weatherman13
Hi, i have a question: I need to use ABAC model in CASBIN and i keep the access rules in the database, not in a file. By default, the library scans the table and collects the rule in java entity CasbinRule with String fields. Is it possible to make a custom object with fields where nested objects will be. So that Casbin collects a rule not by 1 table, but by several? JAVA
hsluoyz
@hsluoyz
@Weatherman13 yes, you can write an adapter for it
@jwanggg yes, use EnforceEx() to know reason
3 replies
tirstex777
@tirstex777
hey i'm a new comer and really want to learn and contribute...can anyone please guide me or point me to some resources
Emmet Rogan
@emmet.rogan_gitlab

Hi, I've had a look around but I can't seem to find an answer to this question (just for the record, I'm new and investigating using Casbin for our company) but it is it possible to use RBAC with domains/tenants where domains are grouped as well?

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act

[role_definition]
g = _, _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act
p, role:manager, class:1, tasks, write
p, role:viewer, class:1, tasks, read
g, role:manager, role:viewer, class:1
g2, school:1, class:1 <--- something like this? 
g, user:kv, role:manager, school:1

I was hoping to have

user:kv, class:1, tasks, write

return true

I am unsure how to extend the matcher to use g2 effectively.

hsluoyz
@hsluoyz
@emmet.rogan_gitlab plz create a github issue
Emmet Rogan
@emmet.rogan_gitlab
@hsluoyz will do! thanks
manindersingh
@manindersingh:matrix.org
[m]
Can someone point out some resources to learn about the casbin architecture?
Ghost
@ghost~63615e6e6da03739849ec142
Hi, I have build an API using Flask-Python. I have 1000 users, and each of them have 100 rules -stored in PSQL- to access resources - a bit more of 100k rules total. The app won't even load after 20min and 3Gb of RAM usage. What would you recommend to at least have the app started? And to lower the time of requests from clients - as per a simulation with 500 users and 10 rules each it takes 5min to load the app 1Gb of ram, and a call take few seconds?
liutheuniverse
@liutheuniverse
hello, I got a error in "if e.enforce(sub,dom,obj,act)==True:",it says that "RuntimeError: invalid policy size",and my request definition is " r = sub, dom , obj, act" ,I use pycasbin,what going wrong there
Ghost
@ghost~63615e6e6da03739849ec142
@liutheuniverse looks like you have a policy that misses or have more value than it is needed
Dakshta Tomar
@offset-null1
Hi, I'm exploring JDBC Adapter, casbin_rule table has v0,v1... v5. For restful policy we may not need all the columns for a rule. Can someone please give some insight on this.
hsluoyz
@hsluoyz
@offset-null1 then leave them blank
Drachenfels
@DrachenfelsCR
Hi, I was wondering for Policy Storage is there anyway to pass to the enforcer a collection of json with policies, for example like in IAM AWS policies, pass it to the enforcer and save it in casbin, is there any link that maybe I am not aware of how to implement something like that to use as a guide?
steven lyu
@lvsj
Is anyonne here , https://casbin.org/editor page can not load
FatSong207
@FatSong207
@lvsj same question
how can I get into editor on browser
Clare Yang
@yangzhares
online editor crashed?
hsluoyz
@hsluoyz
@lvsj @FatSong207 @yangzhares already fixed
steven lyu
@lvsj
@hsluoyz thks
Ihor Levchenko
@ifree92

Greetings! I have a theoretical question about how you use RBAC.
I mean, how do you convert the response from Casbin RBAC to use together with let's say paginated data?

Let's say we've defined the following rules for sub-resources:

  • /folder_1/file_1
  • /folder_1/file_2
  • /folder_1/folder_2
  • /folder_1/folder_2/*

That's fine then to verify whether some role has access to let's say sub /folder_1/folder_2/random_file (so we would receive TRUE).

But if we're talking about an API endpoint that must paginate over allowed sub-resources. Let's say user opens folder_1, wants to see all internals. In this case, they have access to file_1, file_2, folder_2.

Let's say we have thousands of files inside, how would you build fetching paginated data from the DB?

  • fetch by bulks, on each file "ask" Casbin whether access is "true" or "false", and do that until we get the "allowed" list?
  • yes, I can convert rules to "conditions" for SQL query, but if there're too many rules, we might face a very complex "where" request.

Would really appreciate your answers and suggestions on this point. Thank you

hsluoyz
@hsluoyz
@ifree92 create a github issue