limit apps that a user can login by group

[link89]

As a system admin, I have an organization with mutliple apps under it.

I hope that for some apps only specific user can login. I know that it can be done by tags, but this solution has two problems:

1. tags are hard to manage, its hard to find how many user have specific tag.
2. a user can have only one tag a time (I may be wrong as it is not clean in the document)

By using group both issue can be solved, as group has a managment page and a user can belong to multiple group.

[casbin-bot]

@tangyang9464 @JalinWang @imp2002

[hsluoyz]

@link89 see docs: https://casdoor.org/docs/permission/permission-configuration

How to forbid a user from logging into an application: https://door.casdoor.com/permissions/casbin/permission_deny_role

[link89]

@hsluoyz The example you show it is to deny specify users to read specific apps. Is it possible to use white list rule?
For example, if there are 3 apps in an organization, how to setup rules so that

• all users can access App1
• only users in group whitelist-app2 can access App2
• only users in group whitelist-app3 can access App3

[hsluoyz]

@link89 you deny all first, then allow someone

[jump2cn]

@link89 you deny all first, then allow someone

hi @hsluoyz
I have created two permissions for users, one is to deny all, the other one allow a role. and the user have matched by permission in the user info page, but it still deny when user login.

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

[hsluoyz]

Closed issues won't be responded.