Description
I'm trying to implement a simplified RBAC model with groups on users and resources (REST). I have seen the tutorials for this use-case (https://casbin.org/docs/en/rbac) but I'm wondering if there is a simplified way to do this:
I want to have two groups of users, admins who can do anything with any resource, and simple users who can only access their own resources. I will switch to something more elaborate later, but am wondering if I can do this now, without needing to define (and update) resources and their owners.
Based on the keymatch2 example
(https://github.com/casbin/casbin/blob/master/examples/keymatch2_model.conf, https://github.com/casbin/casbin/blob/master/examples/keymatch2_policy.csv)
I would want to use the resource ids defined in the policy in matching rules in the model.
i.e. roughly like this:
policy.csv
| ptype | v1 | v2 | v3 |
|---|---|---|---|
| p | sub | /users/:sub | GET |
where :sub in v2 has to match sub in v1.
I'm aware of keyMatch3 and keyMatch4, but since I'm not passing the user id (sub) via URL, I think they don't cover this use-case. Is there a simple way to do this without defining a fully fledged resource grouping layer that I'd have to update for each resource (i.e. each new user)?
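
The matching rule asked for above, written out as an added example in plain Go; it is not part of the original issue and is not Casbin code. The names `Rule`, `matchOwnPath` and `Enforce`, the `admins` set and the sample subjects are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule mirrors one policy line from the issue: p, sub, /users/:sub, GET.
type Rule struct {
	Sub, Obj, Act string // Sub is the literal placeholder "sub" from the policy
}

// matchOwnPath: path fits pattern only if ":sub" equals a non-empty requesting subject.
func matchOwnPath(sub, path, pattern string) bool {
	ps := strings.Split(strings.Trim(pattern, "/"), "/")
	xs := strings.Split(strings.Trim(path, "/"), "/")
	if len(ps) != len(xs) {
		return false
	}
	for i, seg := range ps {
		if seg == ":sub" {
			if sub == "" || xs[i] != sub {
				return false
			}
		} else if seg != xs[i] {
			return false
		}
	}
	return true
}

// Enforce: admins may do anything; other users need a rule that resolves to their own id.
func Enforce(admins map[string]bool, rules []Rule, sub, path, act string) bool {
	if admins[sub] {
		return true
	}
	for _, r := range rules {
		if r.Act == act && matchOwnPath(sub, path, r.Obj) {
			return true
		}
	}
	return false
}

func main() {
	admins := map[string]bool{"root": true} // constructed sample data
	rules := []Rule{{"sub", "/users/:sub", "GET"}}
	fmt.Println(Enforce(admins, rules, "alice", "/users/alice", "GET"),
		Enforce(admins, rules, "alice", "/users/bob", "GET"))
}
```

Because the placeholder is bound to the authenticated subject rather than read from the URL, no per-user policy line or ownership table is needed, and a request for another user's path is denied by default.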