mikespook / gorbac Goto Github PK
View Code? Open in Web Editor NEWgoRBAC provides a lightweight role-based access control (RBAC) implementation in Golang.
License: MIT License
goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang.
License: MIT License
I have a particular use case where errors may be introduced when performing an AddPermission
. I would like to propose a list change to the interface from AddPermission(string)
to AddPermission(string) error
. Any thoughts?
Dear Maintainer,
I feel like something is not consistent but as you are in v2 I think there is a story behind.
When Assigning Permissions to Roles this is done via types func (role *StdRole) Assign(p Permission) error
(Permission type).
When Inheriting Roles this is done via strings func (rbac *RBAC) SetParent(id string, parent string) error
, i.e. you could have written a signature like func (rbac *RBAC) SetParent(child Role, parent Role) error
.
Which would be:
I will work around it by using roleA.ID() but this feels implicit when I need to check your code to notice IDs are the map stored things I need to use to get strings.
So please don´t read it as a complain your repo seems to be fine but is there a story behind that API design?
I am working on a API that involves interacting with models in a database. Users have either guest owner or admin roles on the data and have create, read, update and delete permissions on the data. Each of those is different for each model and each model only allows access to specific fields.
Example:
user model has full CRUD but only certain fields can be directly manipulated by owners and there are only read permissions on some minimal values for guest. How would I go about using gorbac for my use case?
Hi,
I wrote a simple function to test my use of the package and discovered that if one calls IsGranted
from within the Walk
handler function, the code hangs. Looking into the code it looks like a deadlock.
Would it be possible to expose a non locking version of IsGranted
(basically the existing private isGranted
).
Cheers,
Shmul
I suggest that we can learn from the java
's shiro
framework.
http://shiro-go.googlecode.com
Please consider tagging releases using Semantic Versioning.
Line 32 in a989d0e
api:runtime error: invalid memory address or nil pointer dereference
github.com/mikespook/gorbac/permission.go:33
github.com/mikespook/gorbac/role.go:53
github.com/mikespook/gorbac/rbac.go:199
github.com/mikespook/gorbac/rbac.go:194
github.com/mikespook/gorbac/helper.go:78
Is there any storage backend support? e.g. mongo. redis.
I have created a new middleware for tango - https://github.com/tango-contrib/rbac. And it's based on this project. A question is how to load rbac information from a database or a file?
type Role interface {
ID() string
Permit(Permission) bool
}
This Interface should list all the methods StdRole
struct has, otherwise we have to keep on doing typecasting.
For example https://godoc.org/github.com/mikespook/gorbac#RBAC.Get method returns object of type Role
. If you want to assign a permission to it, you have to first typecast to StdRole
, as func Assign(...)
is not listed in the above mentioned interface
I feel this related issue was wrong closed #12
Hi mikespook, I'm Yang Luo, the author of casbin. It is an authorization library that supports models like MAC, RBAC, ABAC.
I'm lucky to find the gorbac project when searching authorization in Go:) Compared to gorbac, casbin is more low-level and doesn't provide a friendly RBAC interface as gorbac. But it provides permission storage via file, DB. And I found that currently gorbac's persistence is still not perfect. So what do you think of using casbin as a storage backend for gorbac? Of course it's better if you want to use it as the enforcement engine too. Looking forward to your reply.
我看role添加parent时是没有做检查的,如果包含关系不当,例如: a=>b=>c=>d=>e=>(b) ,那么在使用HasPermission时查找一个不存在的permission,是否会死循环呢? 我没测试过,只是猜测可能会
Just wanted to ask if you have any plans of supporting multiple roles in the permission check? For example by sending in a slice of roles. How will that work with the parenting system?
According to the Wikipedia article on RBAC that seems like a common use case: http://en.wikipedia.org/wiki/Role-based_access_control
Error -
c:\Data\Project\Go_workspace\src\github.com\mikespook\gorbac>go test
C:\Data\Project\Go_workspace\src\github.com\mikespook\gorbac\rbac_test.go:5: import "github.com/mike
spook/gorbac" while compiling that package (import cycle)
FAIL github.com/mikespook/gorbac [build failed]
Add rbac.mutex.Lock()/Unlock() to Walk()
Maybe this is possible and I am just not clear on how I would implement it. Is it possible for me to save/load my role and permission data out of a mysql database (or another type of DB)?
How to add more permissions to a role?
here are the error info
go get github.com/mikespook/gorbac
# github.com/mikespook/gorbac
dev/golang/3rdLibs/src/github.com/mikespook/gorbac/role.go:107: p.Name undefined (type Permission has no field or method Name)
dev/golang/3rdLibs/src/github.com/mikespook/gorbac/role.go:120: p.Name undefined (type Permission has no field or method Name)
dev/golang/3rdLibs/src/github.com/mikespook/gorbac/role.go:126: rp.Has undefined (type Permission has no field or method Has)
dev/golang/3rdLibs/src/github.com/mikespook/gorbac/role.go:144: p.Name undefined (type Permission has no field or method Name)
It would be nice to support parameterized RBAC. This would allow the ability to define fine-grained roles and permissions to support things like object level permissions and roles.
Here's a django implementation: https://github.com/dimagi/django-prbac
Let say i have this sorts of permissions:
permissions["view_sales"] = gorbac.NewStdPermission("view_sales")
permissions["edit_sales"] = gorbac.NewStdPermission("edit_sales")
if rbac.IsGranted("cashier", permissions["delete_sales"], nil) {
fmt.Println("Permission delete_sales::YES")
}
gorbac will simply throw a panic on me if delete_sales
is not a valid / non existence permission.
Is there a way to simply return false
instead?
Several advices:
SetParent
, if you set 1
to a
, then a == 1
, but SetParent
is more like AddParent
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.