首页   API文档   注册   登录
Casbin = way to authorization
A place for Casbin developers and users
现在注册
已注册用户请  登录
fronix
Casnode  ›  Casbin

Some help figuring out if Casebin fits for my project

  •  
  •  
    fronix · 4个月前 · 47 次点击 
    这是一个创建于 107 天前的主题,其中的信息可能已经有所发展或是发生改变。

    I've been reading a lot about Casbin trying to figure out if it fits for my project. I'm writing this to get some guidance to see if I'm on the right path.

    I have this project which needs some form of authorization for some of the users based on contents of certain data. All of the data has one common connection point which is the organization who owns the data. The idea is to have three account types

    • owners
    • sub_owners
    • users

    To represent some data here's an example datamodel:

    • Organization - id, name
      • Offices(1...) - id, orgid, name
        • Rooms(1...) - id, officeid, name
          • Desks(1...) - id, roomid, name, desktype

    Owners are like superadmins for an orgnization, they have unrestricted access to all the offices, rooms and desks that is connected to the organization they own. Owners can give anyone access to CRUD any of these by giving the manager role or individual access to users.

    sub_owners are assigned by owners and also have unrestricted access to the organization's offices, rooms and desks. sub_owners cannot give the sub_owners role but they can give individual access to users. They can give user X permission to view Office Y if desktype is Z

    Users need to be assigned access to one or more of the offices, rooms or desks depending on what that user needs to do. This role needs to be quite flexible.

    So to write an example it would look something like this:

    Owners: Bob

    Managers: Alice, Lisa

    Users: Ted, Karen

    Organization: { id: 1, name: "Pumpkin Inc." }
    Offices: [
    { id: 1, orgid: 1, name: "Apple Office"}]
    Rooms: [
    {id: 1, officeid: 1, name: "Green room"},
    {id: 2, officeid: 1, name: "Black room"}]
    Desks: [
    {id: 1, roomid: 1, name: "Green desk", desktype: "plastic"},
    {id: 2, roomid: 2, name: "Black desk", desktype: "wood"},
    {id: 3, roomid: 2, name: "White desk", desktype: "steel"}]

    • Ted has been allowed to read the Apple Office data if the room's desktype is wood
    • Karen has been allwed to read the Apple Office data if the room's desktype is wood or plastic
    • Both Alice and Lisa can read any data in the Apple Office but they cannot read any information from the organization level.
    • Alice gives a new User Eric permission to read Apple Office data if desktype is steel

    What would be a good way to setup this using Casbin? Imagine 10000 organizations that have 1 office 2 rooms and 2 desks and every organization has 5 users.

    Translate

    47 次点击  ∙  0 人收藏  
    Tweet Weibo 忽略主题 
    目前尚无回复
    关于   ·   FAQ   ·   API   ·   我们的愿景   ·   广告投放   ·   感谢   ·   实用小工具   ·   0 人在线   最高记录 0   ·     选择语言  ·     选择编辑器
    创意工作者们的社区
    World is powered by code
    VERSION: 63787e6 · 27ms · UTC 12:49 · PVG 20:49 · LAX 05:49 · JFK 08:49
    ♥ Do have faith in what you're doing.