-
-
Notifications
You must be signed in to change notification settings - Fork 211
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using wildcards for domain #255
Comments
@EladProject can you check if it has the same result on https://casbin.org/en/editor ? It is based on Node-Casbin. Also post your model, policy, requests and expected result here. |
Yes, I tried it in the editor. Model: [request_definition]
r = sub, tenantId, resourceType, obj, act
[policy_definition]
p = sub, tenantId, resourceType, obj, act
[role_definition]
g = _, _ , _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub, r.tenantId) && \
(r.tenantId == p.tenantId || p.tenantId == "*") && \
r.resourceType==p.resourceType && \
( \
((r.obj == p.obj || p.obj == "*") && r.act == p.act) || \
(p.resourceType == "url" && \
((keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)) )) \
) Policy:
This my request:
|
working on this |
@EladProject Have you noticed that RoleManager has a API called node-casbin/src/rbac/defaultRoleManager.ts Lines 172 to 180 in a50ad82
|
@Zxilly , |
@EladProject |
resolved by casbin/casbin-editor#43 |
Hi,
I have a situation where certain roles (meant for grouping a specific kind of resources) are domain-independent.
So I need to mix domain roles with non-domain roles.
I'd like to use a wildcard in the domain like so:
and have the matcher allow the policies of operation_role_GET_BOOKS for USER_ID_2
But I can't get it to work.
If I use:
it's working. But It's not what I need.
(P.S., I know I could have used resource groups, but that made my matcher more complex and another issue)
The text was updated successfully, but these errors were encountered: