Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Sep 22 14:14
    hsluoyz commented #164
  • Sep 19 15:17
    Pokerkoffer commented #164
  • Sep 19 09:08
    Pokerkoffer closed #292
  • Sep 19 09:08
    Pokerkoffer commented #292
  • Sep 19 08:35
    hsluoyz labeled #292
  • Sep 19 08:35
    hsluoyz assigned #292
  • Sep 19 08:35
    hsluoyz commented #292
  • Sep 19 08:31
    Pokerkoffer edited #292
  • Sep 19 08:31
    Pokerkoffer opened #292
  • Sep 18 13:53
    alobaidan commented #24
  • Sep 18 13:53
    alobaidan commented #24
  • Sep 18 13:53
    alobaidan commented #24
  • Sep 18 13:53
    alobaidan commented #24
  • Sep 18 13:52
    alobaidan commented #25
  • Sep 18 13:52
    alobaidan edited #25
  • Sep 18 12:54
    alobaidan commented #25
  • Sep 18 12:48
    alobaidan opened #25
  • Sep 18 12:43
    alobaidan commented #24
  • Sep 18 12:37
    alobaidan commented #24
  • Sep 18 12:36
    alobaidan commented #24
Yang Luo
@hsluoyz
And also use Watcher at the same time
So your adapter needs to support AutoSave feature
StartAutoLoadPolicy() is polling every interval
Callum Dempsey Leach
@mmacheerpuppy
AutoSave isn't implemented in the Redis component version, all I understand is this prevents flushing the entire data-store out for the value of what's stored by the Casbin instance in memory
Yang Luo
@hsluoyz
Yes. You may need to implement it on Redis adapter. Or choose another adapter that support AutoSave
Callum Dempsey Leach
@mmacheerpuppy
@hsluoyz I was looking at some of the issues and found you! casbin/casbin#45 I see you have experience running casbin across a distributed cluster of machines. We will have a cluster of Casbin enforcers, did you need to implement locks via the Watchers in order to perform concurrent updates?
I've been scouring all over for an example of this, I think for now we will implement Casbin on a Postgres database via Xorm.
Callum Dempsey Leach
@mmacheerpuppy
Or perhaps do you need to keep the policy updated for each instance running Casbin on the watcher i.e. actually storing the policies in a distributed manner on Zookeeper, and make it so only one Casbin instance, across say 8 machines, can perform writes at any given time?
Callum Dempsey Leach
@mmacheerpuppy
I suppose my main hang-up is this... If we're calling Casbin to do loads every time there is a policy update to hold all of the policy information locally in the memory of the Casbin Enforcer struct, and using a Watcher to make sure those loads are performed everytime one of the say 10 Casbin enforcers updates the database, is this not the same as having just one Casbin instance and the backpressure/queue of requests to fill out? Can the watchers communicate which policies were updated? What if two or more requests to change the same policy happen at once, how does it deal there?
Jamieson Becker
@jamiesonbecker
I need to list all subjects that take a particular action on a particular object (RBAC with domains). Is that possible with the Management API or the RBAC API?
Jamieson Becker
@jamiesonbecker
(But it needs to be implicit. I don't think this capability currently exists.)
Yang Luo
@hsluoyz
@mmacheerpuppy If you use AutoSave and Watcher together, you don't need locks.
@jamiesonbecker are you using the Golang version Casbin? It's not supported yet. Can you open an GitHub issue for it? So we can track the progress.
Jamieson Becker
@jamiesonbecker
@hsluoyz sure, will do. Thank you!
Yang Luo
@hsluoyz
Hi @jamiesonbecker , the API has been added
Olga Nikolaeva
@mrfeathers
Hello, I've notices some strange behavior using ABAC. For example, I have a resource with two attributes "id" and "status". I print attrList in logs and when I see log like this "{verified 1 map[Id:V1 Status:V0]}" the result is right, but when it's "{verified 1 map[Status:V0, Id:V1 ]}" - the result is wrong. Mapping still seems correct, but the result is wrong
in the model matcher I use only Id attribute now
Yang Luo
@hsluoyz
Hi @mrfeathers what's the args for enforce()?
Olga Nikolaeva
@mrfeathers
Hello @hsluoyz once again, I thought I've done with that problem, but it still remains. And I think I know why it happens. I use casbin-server (with http proxy on top), I create one adapter and one enforcer, that are saved in maps in server/enforcer.go, than I make several enforce requests with ABAC resource. Resource is parsed to attribute list and the enforcer model is also changes (e.x. resource attrList is like {1 verified} [Id:V0, Status:V1], model matcher changes to "m = g(r_sub, r_resource.V0) && r_resource.V1 != 'unverified' ") and due to golang random iteration attrList can be different each time. And the enforcer and its model are the shared resource between several enforce requests, so even though the resource mapping seems correct, the result is wrong sometimes because the model can be changed by another request before current request is done.
Yang Luo
@hsluoyz
Hi @mrfeathers , you may need to use a lock to protect the enforcer for each request.
Do you think you can customize it in your own code or should Casbin-Server provide this lock feature?
Olga Nikolaeva
@mrfeathers
It'd be great if casbin-server provide this feature, cause I think most of the casbin-server users will face to this problem
Yang Luo
@hsluoyz
Can you create an Github issue about it, so we can track its progress? Thanks.
Olga Nikolaeva
@mrfeathers
sure
Alireza Zamani
@Zamani2014
hi all,
is Casbin.NET only for DotNet Core ?
Can i use that in .NET Framwork project ?
No one ?
is anybody here ?
Yang Luo
@hsluoyz
Hi @Zamani2014 , Casbin.NET is a netstandard2.0 project. So you can use it either in .NET Framework or .NET Core
Alireza Zamani
@Zamani2014
Thank you for your answer,
but i can't install that in my project
this is my error :
Install-Package : Could not install package 'Casbin.NET 1.2.0'. You are trying to install this package into a project that targets
'.NETFramework,Version=v4.5.2', but the package does not contain any assembly references or content files that are compatible with that framework. For
more information, contact the package author.
Zhikui Hua
@huazhikui
@Zamani2014 Please modify the NetCasbin.csproj file. in the file, change <TargetFramework>netstandard2.0</TargetFramework> to <TargetFrameworks>netstandard2.0;net45</TargetFrameworks>. because i build the package with 'dotnet pack' command.
can you build a multi-version package for us?
Alireza Zamani
@Zamani2014
error: Unable to find package Casbin.NET.1.2.0. No packages exist with this id in source(s): Microsoft Visual Studio Offline Packages, nuget.org
error: Package 'Casbin.NET.1.2.0' is incompatible with 'all' frameworks in project 'D:\Chatr-e-Danesh\CTDOfficeApp\CTDOfficeApp.csproj'.
Zhikui Hua
@huazhikui
please clone the respository from https://github.com/casbin/Casbin.NET, and
modify the NetCasbin.csproj file to support the target framework net45.
phamngocquy
@phamngocquy
hi
every one
Alireza Zamani
@Zamani2014
@huazhikui Thank you so much. It Works.
Yang Luo
@hsluoyz
Hi @phamngocquy
JT
@juicetin

Hi :wave: I've been reading up on a/rbac in general over the last couple days and looking at implementing it using casbin. Can casbin perform filtering on data entries/rows (so not attributes/columns)?

One use case I'm after is as follows (generalised):
an organisation owns objects, an application users are created, who belong to an object. we have a black box procedure that gets a large list of these objects (say for argument's sake, it's a monolithic stored procedure that we don't want to make any changes to), and when an application user triggers a REST call that requests this set of resources, we want to filter to only show it for the objects with their parent organisation owns.

I wasn't able to find any documentation to suggest that casbin can do this sort of filtering, is it possible?

saijeevanballa
@saijeevanballa
Hi I need a suggestion about how to add policy_definition in database
Hi @saijeevanballa , see: https://casbin.org/docs/en/adapters
lanpangzi
@yywf
hi, everyone. I want to use casbin in my database permission system. And I need three object to defines my access resources, they are db, table, colums (eg. db1, table1, ; db2, table2, column1/column2; db3, , *;). but I found that casbin has only one object. So how to use one object to define three object.
Yang Luo
@hsluoyz
I have answered you in GitHub @yywf
lanpangzi
@yywf
@hsluoyz thanks
Chirag Shah
@chikka0305_twitter
Hi everyone, I want to use casbin node-js in my serverless lambda function. I am concerned with adapter loading all policy each time. is there any adapter for postgres which supports filtered policy loading?
Yang Luo
@hsluoyz
Hi @chikka0305_twitter , please send an issue here: https://github.com/casbin/node-casbin/issues