Make HttpRequest available to RequestTransformer via the CasbinAuthorizationContext or CasbinAuthorizationData

[thoraj]

We wish to provide the HttpRequest object to the RequestTransformer. This will allow the transformer to work out the obj (=request path), and the act method (e.g. GET|POST), without having to explicitly provide those in the CasbinAuthorize attribute. It will also enable scenarios where e.g. the domain/tenant is to be found either in the request headers or in the request content.

I have created a proof of concept which seem to work. So I'm wondering if you are accepting PRs? Or if there are any suitable extension points for this, or if we will be required to fork the project?

[sagilio]

Welcome to open PRs!
I think it is a good idea and the HttpRequest object can be added to the ICasbinAuthorizationContext without a lot of changes
It may a better way of replacing the User property with HttpConext in ICasbinAuthorizationContext.

[thoraj]

Ok.

In my proof of concept I added HttpRequest to the ICasbinAuthorizationData, but perhaps a better place is to add it to ICasbinAuthorizationContext?

I will look into it

[hsluoyz]

@sagilio plz make a new release.

[thoraj]

Is there anything you need from me which is blocking a new release?

Is there CI/CD (bleeding edge) pipeline where I can get the latest merged changes?

The reason for asking is to avoid having to set up my own nuget package pipeline to get the latest changes into my project.

[sagilio]

@thoraj You can refer this：https://github.com/casbin-net/casbin-aspnetcore#installation，
and now the latest build version will be auto push to here : https://www.myget.org/feed/casbin-net/package/nuget/Casbin.AspNetCore.
Recently we will release alpha versions on nuget.org, you can get the new version directly at that time.

[hsluoyz]

@sagilio we should setup semantic-release to push every merged PR into nuget directly. That's fine because we use semantic-versioning to make sure the users can always know what they are doing, does this make sense?

[thoraj]

Ok.

I am consuming the Casbin packages from the myget feed. The latest versions there are:

• Casbin.AspNetCore: 0.1.0-build.16.master.64cc1dc (from March 10, 2021)
• Casbin.AspNetCore.Core: 0.1.0-build.71.master.51c2fd0 (from October 2, 2020)
• Casbin.AspNetCore.Abstractions: 0.1.0-build.71.master.51c2fd0 (from October 2, 2020)

So until a new release of Casbin.AspNetCore.Abstractions is available the HttpRequest will be missing on the ICasbinAuthorizationContext interface

[sagilio]

@hsluoyz Yes, I am doing it.

[sagilio]

@thoraj
All package last version should be 0.1.0-build.16.master.64cc1dc, I have unlisted the old version, you can check it now.

And now the HttpConext is available to the CasbinAuthorizationContext, You can get the request in it. Because I think user may need the Connection and more properties not only User and HttpReuqest. The changes in this commit : 2fe5e4f

[thoraj]

Yes fine. Looks good. My reason for not adding the HttpContext was that it is available on the HttpRequest object. But it is probably cleaner to replace both User and HttpRequest with HttpContext.

I just updated the packages from the myget feed, so all is good.