why not return error when setting parents if there is a circle error

[hsluoyz]

Several advices:

SetParent, if you set 1 to a, then a == 1, but SetParent is more like AddParent
If there are some potential circle errors, they should be thrown immediately rather than at runtime

Hi @nullne,

please try to use Casbin. It has a better RBAC API. For example, you can use AddRoleForUser() to add a role for a user or a role. And you can remove it by DeleteRoleForUser() as well.

Casbin is an authorization library that supports models like ACL, RBAC, ABAC.

Related to RBAC, Casbin has several advantages:

1. roles can be cascaded, aka roles can have roles.
2. support resource roles, so users have their roles and resource have their roles too. role = group here.
3. the permission assignments (or policy in Casbin's language) can be persisted in files or database (MySQL and Cassandra).

And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible.

[nullne]

thank you for your efforts. I considered about casbin along with gorbac. Though casbin is more powerful, I only need a RBAC implementation. so I picked gorbac. It's really horrible in naming and design. It's tough to coding on that lib. But it have already made it! 💯

[hsluoyz]

OK. Not only about flexibility, Casbin has supported policy storage on most DBs after supporting Xorm. So it may be a better choice if you want to persist the rules. I will close this now!

[nullne]

I persist the rules by myself.