"Domain tenant" is useful in multi-group scenario. However, the API does not support multi-tenant at this stage, like lack of grouping policy, "can" function doesn't support "domain" param.
So I wonder whether the project plans to increase support for domain, or needs some PR support?
This is a demo for multi-tenant domain.
const casbin = require('casbin');
const data = {
m: `
[request_definition]
r = sub, dom, obj, act
[policy_definition]
p = sub, dom, obj, act
[role_definition]
g = _, _, _
g2 = _, _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub, r.dom) && g2(r.obj, p.obj, r.dom) && r.dom == p.dom && r.act == p.act
`,
p: [
['p', 'admin', 'domain1', 'data1', 'read'],
['p', 'admin', 'domain1', 'data1', 'write'],
['p', 'admin', 'domain2', 'data2', 'read'],
['p', 'admin', 'domain2', 'data2', 'write'],
['p', 'data_group_admin', 'domain2', 'data_group', 'write'],
],
g: [
['g', 'alice', 'admin', 'domain1'],
['g', 'alice', 'data_group_admin', 'domain2'],
['g2', 'data1', 'data_group', 'domain1'],
['g2', 'data2', 'data_group', 'domain2'],
],
};
const model = casbin.newModelFromString(data.m);
const enforcer = await casbin.newEnforcer(model);
const policies = data.p;
policies.forEach(async (policy) => {
const policyResult = await enforcer.addNamedPolicy(...policy);
console.log(`policy: ${policy.join(',')}, policyResult: ${policyResult}`);
});
const roles = data.g;
roles.forEach(async (role) => {
const roleResult = await enforcer.addNamedGroupingPolicy(...role);
console.log(`role: ${role.join(',')}, roleResult: ${roleResult}`);
})
const result = await enforcer.enforce('alice', 'domain1', 'data1', 'read');
console.log(`casbin result: ${result}`);
"Domain tenant" is useful in multi-group scenario. However, the API does not support multi-tenant at this stage, like lack of grouping policy, "can" function doesn't support "domain" param.
So I wonder whether the project plans to increase support for domain, or needs some PR support?
This is a demo for multi-tenant domain.