by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • May 31 14:53
    nodece commented #477
  • May 31 14:36
    nodece unlabeled #472
  • May 31 14:36
    nodece commented #472
  • May 31 14:27
    nodece commented #475
  • May 31 13:59
    nodece reopened #439
  • May 31 13:59
    nodece unlabeled #439
  • May 31 13:58
    nodece commented #439
  • May 31 13:46
    nodece commented #478
  • May 31 13:37
    UnderTreeTech commented #478
  • May 31 13:37
    UnderTreeTech commented #478
  • May 31 13:25
    nodece edited #478
  • May 31 13:10

    nodece on v2.6.6

    (compare)

  • May 31 12:56
    nodece review_requested #478
  • May 31 12:56
    nodece opened #478
  • May 31 12:34
    github-actions[bot] labeled #439
  • May 31 12:34
    github-actions[bot] labeled #472
  • May 31 12:34
    github-actions[bot] commented #439
  • May 31 12:34
    github-actions[bot] commented #472
  • May 31 12:34

    github-actions[bot] on v2.6.6

    (compare)

  • May 31 12:33

    nodece on master

    fix: Added DefaultEffectorStrea… fix: Panic message and interfac… fix: Implement NewStream method. and 9 more (compare)

Ansel Rosenberg
@arosenberg01
we use mongo and postgres primarily
if it's per-user I don't think caching the policies would help much though?
Ansel Rosenberg
@arosenberg01
I was imaging being able to index on fields like subject, allowing for indexed db reads for per-user requests
hmm, I guess that only makes sense for 1-to-1 subject lookups though (as opposed to regex matching)
Ansel Rosenberg
@arosenberg01
but seems like almost every use case for would be super read-heavy, meaning indexing every field (postgres or mongo) would be viable
John Kouraklis
@jkour
@arosenberg01 I use postgresql a lot and it is quite capable with the size of records that you describe. Actually, all production level databases are able to manage requests with 10ths of million of records so maybe it is not a real problem. Have you tried it?
@arosenberg01 The problem you may face though is if you update the same record from more than one endpoints
Ansel Rosenberg
@arosenberg01
was going to do some load testing this weekend/early next week
you're referring to addPolicy()?
I know that autosave is turned off with a filtered adapter
Ansel Rosenberg
@arosenberg01
but if I have a separate enforcer managing my addPolicy() calls, wouldn't read enforcers still pick up the updates since they're calling loadFilteredPolicy() for every request?
John Kouraklis
@jkour
Hi @arosenberg01. I am not familiar with go implementation if it is what you are using
Ansel Rosenberg
@arosenberg01
I was going to implement in Node, don't think that should matter too much for the load-policy-on-every request design I was considering
out of curiosity, what are you using?
Yang Luo
@hsluoyz
@arosenberg01 please send a github issue to node-casbin
Ansel Rosenberg
@arosenberg01
an issue is an appropriate place for a question, versus an actual bug report?
Yang Luo
@hsluoyz
yes
Our issues page also tracks long or complicated questions
Ansel Rosenberg
@arosenberg01
got it, thank you
Ansel Rosenberg
@arosenberg01
Yang Luo
@hsluoyz
ok
Claudio D'Angelo
@claudiothewall
Hi everyone, fast question , is possible this policy: p , subject:id, resource:id, read.
That have to match with r, user1,resource1, read Allow and r,user2,resorce1,read Deny
Yang Luo
@hsluoyz
@claudiothewall you can do it with a little trick, see: https://casbin.org/docs/en/function#functions-in-matchers
Use keyMatch4(), then append sub + obj, to get sth similar to: /alice_data/{id}/book/{id}
or you can write a function to extract id from sub and obj, then compare them in matcher
Claudio D'Angelo
@claudiothewall
@hsluoyz ook, many thanks.
Claudio D'Angelo
@claudiothewall
@hsluoyz mmm, there is a problem, if I add in policy subject subj_{id} , the enforcer doesn't find for example subj_5 ... I need to add a manual regExpr.. how can I add a regular expression for ex subj5 ?
Yang Luo
@hsluoyz
@claudiothewall please make a github issue
Claudio D'Angelo
@claudiothewall
@hsluoyz now it works! my fault ;)
Enrique Medina Montenegro
@emedina
Hi, can someone point me to an example of nested roles, if supported? For example, how to implement the example given in the docs --> https://casbin.org/docs/en/rbac#role-hierarchy
tichnas
@tichnas
Hi, I'm Sanchit. I'm new to Open Source development and want to start with Casbin. I know JS and some of the react & python. How should I start contributing using these technologies?
Thanks in advance :)
Yang Luo
@hsluoyz
@tichnas please work on opened issues of your favorite repo :)
vietlib
@vietlib
Hi all is thêre any room for casbin.rs please
Eason Chai
@hackerchai
@vietlib Please check casbin-rs issue, there is a slack invitation link.
Steve Coffman
@StevenACoffman
I was trying to compare Casbin to Open Policy Agent, and I found this somewhat old comparison. Is this (still) fairly accurate? https://gist.github.com/StevenACoffman/1644ec1157a793eb7d868aa22b260e91
Yang Luo
@hsluoyz
@StevenACoffman thanks for reaching out! I have replied in your gist: https://gist.github.com/StevenACoffman/1644ec1157a793eb7d868aa22b260e91
What're your focus points about choosing authz? so we can target to your focus.
Steve Coffman
@StevenACoffman
Thanks! We have an existing legacy authz where roles ("student" vs "teacher") map to capabilities with regards to objects ("classes", "assignments"). We are looking at both Casbin and OPA. OPA showcases it's ecosystem of other technologies: https://www.openpolicyagent.org/docs/latest/ecosystem/ but I'm having some trouble finding equivalent information for Casbin.
Yang Luo
@hsluoyz
@StevenACoffman That showcase contains a lot of 3rd party plugins, which we actually have more (adapters, middlewares, watchers for 8 languages).
Steve Coffman
@StevenACoffman
Where is that list for Casbin?
Yang Luo
@hsluoyz
AFAIK, OPA is backed by a start-up company. So its status is unclear after it runs out of money (if happens). Casbin is pure open-source org, so it will not be dead by itself, only if all users abandoned us
Steve Coffman
@StevenACoffman
Oh, great! I don't know how I missed the adapters section.
Steve Coffman
@StevenACoffman
Do you think that Casbin can support roles ("student" vs "teacher") mapping to capabilities with regards to objects ("classes", "assignments") ? For instance, a teacher can only modify their own class.
Yang Luo
@hsluoyz
@StevenACoffman yes, it's the classic RBAC model
Yang Luo
@hsluoyz
@StevenACoffman I saw your updates about OPA's reply. Why not just try Casbin and OPA both in an example and then make a decision? I think it's faster and easier than letting both sides "battle" each other in a gist.