Support Key Matching

[peterzernia]

I'd like to use the keymatching I use on my backend on the frontend. An example policy using keyMatch would looks like

p, admin, *, GET
p, admin, *, POST

with a corresponding model.conf

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && keyMatch(r.obj, p.obj) && r.act == p.act

The returned permissions from the casbin backend for admin looks like

{
  'GET': ['*'],
  'POST': ['*']
}

Then on the frontend using keyMatch would allow

authorizer.setUser('admin')
console.log(authorizer.can('GET', '/users/1') // true
console.log(authorizer.can('POST', '/posts')) //true

[hsluoyz]

@kingiw

[Manoj-Bharti]

Hi, Any update on this?

I would like to use https://casbin.org/docs/en/abac#scaling-the-model-for-complex-and-large-number-of-abac-rules in my frontend app.

[kingiw]

@Manoj-Bharti Hi, currently Casbin.js doesn't support ABAC model. If you would like to use ABAC model at the frontend, we would like to raise this feature asap.

BTW, which language of Casbin do you use at your server side?

[Manoj-Bharti]

@kingiw Thanks for the quick response.

We are evaluating casbin currently so it's not in use. We have multiple backend applications where we want to take casbin in use in combination with AWS Cognito. Most of applications are in Node but we have some legacy applications which are written in golang and php.

[kingiw]

@Manoj-Bharti Casbin.js requires some server-side utilities. Now such server-side utilities are available only in Node-Casbin environment.

[Manoj-Bharti]

@kingiw ok so currently it's not possible, Do we have some kind of visibility when ABAC model will be supported by Casbin.js?

I was reading this #12 and here it says
Casbin.js is now perfectly support diverse access control models that Casbin originally supports, including the ACL, RBAC and ABAC. which is why i thought it should be working.

[kingiw]

@Manoj-Bharti It was a very naive implementation for support ABAC. The implementation is to pass the configuration and all related policies to the frontend.

We are now trying to optimize the implementation and let Casbin.js support all models in Casbin as well as guarantee not leaking so many info (like policies details) to the frontend.

[Manoj-Bharti]

@kingiw Ok, Thanks for the info. It would be nice to know if we have some timeline for this.

[hsluoyz]

@nodece @Zxilly has this issue been done already?

[nodece]

Currently, we migrate node-casbin to casbin.js, you can use all features from node-casbin on any js environment.

[hsluoyz]

@nodece can this issue be closed?

[nodece]

maybe we need to waiting for the user's response.

[danverde]

So just to clarify, Casbin.js still doesn't support ABAC?

[hsluoyz]

@nodece

[nodece]

@danverde Yes. Currently, using node-casbin is enough, I'm working on node-casbin, you can use the casbin@next in any JavaScript project.

[hsluoyz]

@peterzernia @danverde Casbin.js now bases on casbin-core and contains all Casbin functionalities (keymatch, RBAC, ABAC) now: #271