Add an authorization mechanism based on Casbin #368

Closed
hsluoyz opened this issue May 31, 2017 · 6 comments

Comments

@hsluoyz
Contributor

hsluoyz commented May 31, 2017

Hi, I'm the author of Casbin. It is a Go authorization library that supports access control models like ACL, RBAC, ABAC. It's already used in some large systems, mostly web frameworks. See details here: https://github.com/casbin/casbin

I noticed that semaphore still lacks an authorization mechanism, and there's demand for it (see: #344). (Thanks to @matejkramny for pointing it out to me :)) I think an RBAC-based authorization will fit in our scenario. About our scenario, Casbin can provide:

  1. roles can be global or within a tenant (aka project). So the platform owner can have a global admin role, and the project owner will have a local admin role, which only works inside his project.
  2. roles can be cascaded. e.g. admin role can be a member of template admin and task admin roles. So admin role will have all the permissions that are assigned to template admin and task admin.
  3. support permission groups (like roles). This is useful when you want to group the permissions.
  4. the permission granting and user-role mapping can be persisted in files or database (MySQL, NoSQL, etc), support for other DBs can be added if needed.

So what do you think? I can make PR if it's OK. Thanks!

@matejkramny @strangeman
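
Added example, not part of the original issue and not Casbin's code or API: a small stand-alone Go evaluator that illustrates the role semantics in items 1 and 2 of the proposal above (global versus project-scoped roles, and cascaded roles). All user, project, role and permission names are constructed for illustration.

```go
package main

import "fmt"

// global is a wildcard domain: a grant in it holds in every project.
const global = "*"

type grant struct{ member, domain, role string } // user->role or role->role
type perm struct{ role, object, action string }
type Authz struct {
	grants []grant
	perms  []perm
}

// collect adds every role that member holds in domain, following cascaded
// role membership; the seen map also stops cycles in the role graph.
func (a *Authz) collect(member, domain string, seen map[string]bool) {
	for _, g := range a.grants {
		if g.member == member && (g.domain == global || g.domain == domain) && !seen[g.role] {
			seen[g.role] = true
			a.collect(g.role, domain, seen)
		}
	}
}

// Allowed is default-deny: true only if a role held in this domain has the permission.
func (a *Authz) Allowed(user, domain, object, action string) bool {
	roles := map[string]bool{}
	a.collect(user, domain, roles)
	for _, p := range a.perms {
		if roles[p.role] && p.object == object && p.action == action {
			return true
		}
	}
	return false
}

// sample builds constructed data: alice is a global admin, bob is admin of project1 only.
func sample() *Authz {
	return &Authz{
		grants: []grant{{"alice", global, "admin"}, {"bob", "project1", "admin"},
			{"admin", global, "template_admin"}, {"admin", global, "task_admin"}},
		perms: []perm{{"template_admin", "template", "write"}, {"task_admin", "task", "run"}},
	}
}

func main() {
	a := sample()
	fmt.Println(a.Allowed("bob", "project1", "task", "run"), a.Allowed("bob", "project2", "task", "run"))
}
```

The check that matters for multi-tenant use is the second one: a project-local admin must be denied in any other project, while the cascaded permissions still apply inside their own.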

@fernandezvara

That can be a really good addition to the project. Not having roles limits using semaphore in some environments like mine.

I would like to help in its implementation, while I don't know much about casbin right now.

@hsluoyz
Contributor Author

hsluoyz commented Jul 14, 2017

Hi @fernandezvara ,

Thanks for being willing to help :)

You can get a rough image of Casbin at the README.md here: https://github.com/casbin/casbin

The model syntax is here: https://github.com/casbin/casbin/blob/master/Model.md

Please contact me on Gitter if you have any questions or want to discuss with me :) I really don't have much knowledge of semaphore.

@itxx00

itxx00 commented Jul 17, 2017

+1

@strangeman
Contributor

Looks interesting to me. I plan to play with Casbin during this week. @hsluoyz, I'll contact you in case of problems.

@twhiston
Contributor

@strangeman - was there any outcome to this? If not I will close it in favour of a more generic ticket for abstracting authentication mechanisms, as we also have a need to support keycloak etc....

@strangeman
Contributor

@twhiston nope, I didn't make any progress on this. We need to think about richer authentication and authorization mechanisms.
