What's your scenario? What do you want to achieve?
I have an RBAC scenario where I'm trying to create policies with parameters in them. Then, by using a slightly more elaborate matcher function I'm trying to enforce users that I've assigned to these policies.
In my system, say there are two entities: rooms and activities. Each activity belongs in a room. If a user has "authorization" to participate in a room, they have authorization to participate in every activity in that room. I'm trying to avoid creating policies per room (e.g. /room/1) by trying to use a pattern (e.g. /room/{roomID}). Please see my config, policies and tests below.
The pattern business is working well. The issue happens when I assign one of these roles to a user. When the user's name gets passed to the matcher function, the g(r.sub, p.sub) returns true, but the rest of the matching function returns false.
So far, everything worked as expected. Here is where things don't work:
Your policy:
g, harry, room_1_participant
Your request(s):
harry, room/1, read ---> false (expected: true)
It looks like in the matcher function the r.sub is always harry and never gets swapped with room_1_participant. Maybe I didn't set up my matcher function correctly to use the roles that users inherit. I would appreciate some help here. Thank you!
Your model:
NOTE:
e.AddNamedMatchingFunc("g", "keyMatch3", casbinutil.KeyMatch3)
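An added example, not code from the issue or from Casbin: a stdlib-only Go trace of a matcher of the assumed form `g(r.sub, p.sub) && keyMatch3(r.obj, p.obj) && r.act == p.act`, reporting each clause per rule so the failing one is visible. The p rules, the simplified `keyMatch3`, `hasRole` and `Trace` are assumptions, since the issue's model and rules are not shown on the page; the `g` rule and the `room/1` request are taken from it.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sample data: the issue's own model and p rules are not shown.
var roles = map[string][]string{"harry": {"room_1_participant"}} // g, harry, room_1_participant
var policies = [][3]string{ // p, sub, obj, act (assumed rules)
	{"room_1_participant", "/room/1", "read"},
	{"room_1_participant", "/room/1/activity/{activityID}", "read"},
}

var param = regexp.MustCompile(`\{[^/]+\}`)

// keyMatch3 is a simplified stand-in for Casbin's KeyMatch3: {name} matches one path segment.
func keyMatch3(key, pattern string) bool {
	re := regexp.MustCompile("^" + param.ReplaceAllString(pattern, "[^/]+") + "$")
	return re.MatchString(key)
}

// hasRole plays the part of g(r.sub, p.sub): r.sub is never rewritten,
// the check only asks whether the subject is, or was assigned, p.sub.
func hasRole(sub, role string) bool {
	for _, r := range roles[sub] {
		if r == role {
			return true
		}
	}
	return sub == role
}

// Trace evaluates the assumed matcher against every rule and records each clause.
func Trace(sub, obj, act string) (allowed bool, rows []string) {
	for _, p := range policies {
		g, o, a := hasRole(sub, p[0]), keyMatch3(obj, p[1]), act == p[2]
		rows = append(rows, fmt.Sprintf("%s: g=%t obj=%t act=%t", p[1], g, o, a))
		allowed = allowed || (g && o && a)
	}
	return allowed, rows
}

func main() {
	for _, obj := range []string{"room/1", "/room/1", "/room/1/activity/7"} {
		ok, rows := Trace("harry", obj, "read")
		fmt.Printf("harry, %s, read -> %t %q\n", obj, ok, rows)
	}
}
```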