I have a particular use case where errors may be introduced when performing an AddPermission. I would like to propose a list change to the interface from AddPermission(string) to AddPermission(string) error. Any thoughts?

Dear Maintainer,

I feel like something is not consistent but as you are in v2 I think there is a story behind.

When Assigning Permissions to Roles this is done via types func (role *StdRole) Assign(p Permission) error (Permission type).

When Inheriting Roles this is done via strings func (rbac *RBAC) SetParent(id string, parent string) error, i.e. you could have written a signature like func (rbac *RBAC) SetParent(child Role, parent Role) error.

Which would be:

• more consistent
• had more type safety (especially as you already use the types)

I will work around it by using roleA.ID() but this feels implicit when I need to check your code to notice IDs are the map stored things I need to use to get strings.

So please don´t read it as a complain your repo seems to be fine but is there a story behind that API design?

I am working on a API that involves interacting with models in a database. Users have either guest owner or admin roles on the data and have create, read, update and delete permissions on the data. Each of those is different for each model and each model only allows access to specific fields.

Example:
user model has full CRUD but only certain fields can be directly manipulated by owners and there are only read permissions on some minimal values for guest. How would I go about using gorbac for my use case?

Hi,

I wrote a simple function to test my use of the package and discovered that if one calls IsGranted from within the Walk handler function, the code hangs. Looking into the code it looks like a deadlock.
Would it be possible to expose a non locking version of IsGranted (basically the existing private isGranted).

Cheers,
Shmul

I suggest that we can learn from the java's shiro framework.
http://shiro-go.googlecode.com

Please consider tagging releases using Semantic Versioning.

api:runtime error: invalid memory address or nil pointer dereference
github.com/mikespook/gorbac/permission.go:33
github.com/mikespook/gorbac/role.go:53
github.com/mikespook/gorbac/rbac.go:199
github.com/mikespook/gorbac/rbac.go:194
github.com/mikespook/gorbac/helper.go:78

Is there any storage backend support? e.g. mongo. redis.

I have created a new middleware for tango - https://github.com/tango-contrib/rbac. And it's based on this project. A question is how to load rbac information from a database or a file?

type Role interface {
	ID() string
	Permit(Permission) bool
}

This Interface should list all the methods StdRole struct has, otherwise we have to keep on doing typecasting.
For example https://godoc.org/github.com/mikespook/gorbac#RBAC.Get method returns object of type Role. If you want to assign a permission to it, you have to first typecast to StdRole, as func Assign(...) is not listed in the above mentioned interface

I feel this related issue was wrong closed #12

Hi mikespook, I'm Yang Luo, the author of casbin. It is an authorization library that supports models like MAC, RBAC, ABAC.

I'm lucky to find the gorbac project when searching authorization in Go:) Compared to gorbac, casbin is more low-level and doesn't provide a friendly RBAC interface as gorbac. But it provides permission storage via file, DB. And I found that currently gorbac's persistence is still not perfect. So what do you think of using casbin as a storage backend for gorbac? Of course it's better if you want to use it as the enforcement engine too. Looking forward to your reply.

我看role添加parent时是没有做检查的,如果包含关系不当,例如: a=>b=>c=>d=>e=>(b) ,那么在使用HasPermission时查找一个不存在的permission,是否会死循环呢? 我没测试过,只是猜测可能会

Just wanted to ask if you have any plans of supporting multiple roles in the permission check? For example by sending in a slice of roles. How will that work with the parenting system?

According to the Wikipedia article on RBAC that seems like a common use case: http://en.wikipedia.org/wiki/Role-based_access_control

Error -
c:\Data\Project\Go_workspace\src\github.com\mikespook\gorbac>go test

github.com/mikespook/gorbac

C:\Data\Project\Go_workspace\src\github.com\mikespook\gorbac\rbac_test.go:5: import "github.com/mike
spook/gorbac" while compiling that package (import cycle)
FAIL github.com/mikespook/gorbac [build failed]

Add rbac.mutex.Lock()/Unlock() to Walk()

Maybe this is possible and I am just not clear on how I would implement it. Is it possible for me to save/load my role and permission data out of a mysql database (or another type of DB)?

How to add more permissions to a role?

here are the error info

go get github.com/mikespook/gorbac

# github.com/mikespook/gorbac
dev/golang/3rdLibs/src/github.com/mikespook/gorbac/role.go:107: p.Name undefined (type Permission has no field or method Name)
dev/golang/3rdLibs/src/github.com/mikespook/gorbac/role.go:120: p.Name undefined (type Permission has no field or method Name)
dev/golang/3rdLibs/src/github.com/mikespook/gorbac/role.go:126: rp.Has undefined (type Permission has no field or method Has)
dev/golang/3rdLibs/src/github.com/mikespook/gorbac/role.go:144: p.Name undefined (type Permission has no field or method Name)

It would be nice to support parameterized RBAC. This would allow the ability to define fine-grained roles and permissions to support things like object level permissions and roles.

Here's a django implementation: https://github.com/dimagi/django-prbac

Let say i have this sorts of permissions:

permissions["view_sales"] = gorbac.NewStdPermission("view_sales")
permissions["edit_sales"] = gorbac.NewStdPermission("edit_sales")

if rbac.IsGranted("cashier", permissions["delete_sales"], nil) {
    fmt.Println("Permission delete_sales::YES")
}

gorbac will simply throw a panic on me if delete_sales is not a valid / non existence permission.
Is there a way to simply return false instead?

Several advices:

• SetParent, if you set 1 to a, then a == 1, but SetParent is more like AddParent
• If there are some potential circle errors, they should be thrown immediately rather than at runtime