
I need to implement custom RBAC support for my product and I stumbled upon casbin/jcasbin that looks promising.

I am checking the Java API and I do not seem to find a way to fetch all objects of a particular type that a user has access to.

Say, I am implementing an API (not necessarily a REST-based) that is supposed to return a list of all entities the user has read access to.

What jcasbin API call would that be?

I am looking into the Enforcer interface and it seems to check whether a user (subject) can do a particular action on the given object.

How do I list all the objects for a user with the given action?

I think RBAC with resource roles is what I want. My model.conf:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act


p, role:viewer, context, read
g, alice, role:viewer
g2, c1, context
g2, c2, context

Here, the viewer role grants read permission to the entity type context. alice is assigned the viewer role. The c1 and c2 objects are of type context. Now, I want to read all contexts for the user alice.

P.S.: I am not sure if SO is the right venue for these types of questions.

Ihor M.
  • See my reply here: https://github.com/casbin/jcasbin/issues/185#issuecomment-831633292 – hsluoyz May 05 '21 at 09:27
  • Yang Lou: I didn't see an answer I understood in that thread. For example: I want to query to find out, for which set of objects, can Alice do the action "read"? ...or better still, which objects containing the regex /^book.*$/ – James Earlywine Nov 11 '21 at 23:09

1 Answer

Use the newly added batchEnforce() API: https://github.com/casbin/jcasbin/issues/187

hsluoyz
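
One way to apply batchEnforce() to the model and policy from the question, as an added example that is not part of the original answer or the jcasbin project's own code. It assumes a jcasbin version that includes batchEnforce(), takes the candidate objects from the g2 grouping rules, and adds one constructed policy line (d1) to show a denial; the class and method names are hypothetical.

```java
import org.casbin.jcasbin.main.Enforcer;

import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class ListReadableObjects {
    // Model text copied from the question.
    static final String MODEL = String.join("\n",
        "[request_definition]", "r = sub, obj, act",
        "[policy_definition]", "p = sub, obj, act",
        "[role_definition]", "g = _, _", "g2 = _, _",
        "[policy_effect]", "e = some(where (p.eft == allow))",
        "[matchers]", "m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act");

    // Policy from the question, plus one constructed line (d1) that must be denied.
    static final String POLICY = String.join("\n",
        "p, role:viewer, context, read", "g, alice, role:viewer",
        "g2, c1, context", "g2, c2, context", "g2, d1, document");

    // Returns the objects registered in g2 on which sub may perform act.
    // Casbin has no object inventory of its own, so candidates come from g2.
    static List<String> allowedObjects(Enforcer e, String sub, String act) {
        List<String> candidates = new ArrayList<>();
        for (List<String> rule : e.getNamedGroupingPolicy("g2")) {
            if (!candidates.contains(rule.get(0))) candidates.add(rule.get(0));
        }
        List<List<String>> requests = new ArrayList<>();
        for (String obj : candidates) requests.add(Arrays.asList(sub, obj, act));

        // One decision per request, in the same order as the requests.
        List<Boolean> decisions = e.batchEnforce(requests);
        List<String> allowed = new ArrayList<>();
        for (int i = 0; i < candidates.size(); i++) {
            if (decisions.get(i)) allowed.add(candidates.get(i));
        }
        return allowed;
    }

    public static void main(String[] args) throws Exception {
        Path model = Files.createTempFile("model", ".conf");
        Path policy = Files.createTempFile("policy", ".csv");
        Files.write(model, MODEL.getBytes("UTF-8"));
        Files.write(policy, POLICY.getBytes("UTF-8"));
        Enforcer e = new Enforcer(model.toString(), policy.toString());
        System.out.println(allowedObjects(e, "alice", "read"));
    }
}
```

Every candidate still passes through the enforcer, so an object that is missing from g2 or maps to a type without a matching p rule is left out of the result rather than being exposed by default.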