New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement FilteredAdapter #79
Comments
@xcaptain Is it possible to change GSOC ideas? I would like to put some issues into GSOC ideas. Just to avoid the situation in which two students would like to work on the same idea. |
@GopherJ I'm afraid not. How about we create a slack channel so all the contributors can discuss some proposals at slack first. |
@xcaptain It seems FilteredAdapter is not dynamic for now. I'm not sure if it'll be better if we detect if the request matches one of the element in filter. If not we load that part then do the enforce. For example, we have initial filter like: p: vec!["", "domain1"]
g: vec!["", "domain2"] then suddenly we receive a request |
It will cause some performance downgrade for sure |
The hard part is when an enforce request happens, the filtered adapter needs to know which policies should be loaded(recursive search, policies for alice, policies for alice's group ...). The Go version of casbin provides a simple example on how to filter through domain, this is simple because policies won't exist in 2 domains. This way is not idea because only one domain may contains many policies. |
Sorry I may misunderstand the Go version of rbac_policy.csv
An enforce happens
Can a sql like select * from casbin_rule where ptype="p" and v1="data2" union select * from casbin_rule where ptype="g" and v0="alice"; provides enough information to determine the enforce result? |
@xcaptain If the adapter has a function like: But the difficulty for me is: how to generate a more generic filter from a request, we don't want to load only one policy at a time, If we are using rbac maybe we can use in |
Line 99 in a9d5d1e
This |
close as solved in #119 |
Currently we load all the policies into casbin and then do the matching, this would cause a lot of memory when we have many policies(millions or more). A filtered adapter means when an
enforce
request happens then query the adapter for result.diesel-adapter and sqlx-adapter should implement this feature.
The text was updated successfully, but these errors were encountered: