NOTE: This service uses casbin as db name, all records e.g. policy, group are under casbin_rule table
- Docker
- Go 1.12
make setup-dev
# We use docker for our database for development
docker-compose up
# Run app
DATABASE_URL=postgresql://postgres:@localhost:5432/postgres?sslmode=disable go run main.go
# or
make run-dev
make test
docker pull oursky/skygear-rbac
docker run -e "DATABASE_URL=abc" oursky/skygear-rbac:latest
(
(g(r.domain, p.domain) || g('root', r.sub)) && # request domain is SAME as policy domain (to disable inheritance of access rights)
(
(g2(r.sub, p.sub, r.domain) || (r.sub == p.sub && r.domain == p.domain)) || # request subject is assigned role/is the role in domain
(g2(r.sub, p.sub, 'root') || (r.sub == p.sub && r.domain == 'root')) # request subject is assigned role/is the role in root
)
) &&
(r.obj == p.obj || p.obj == '.*') && # request object matches policy
(r.act == p.act || p.act == '.*') && # request action matches policy
!g4(r.sub, 'disabled') && # subject in request is not disabled / archived
!g4(p.sub, 'disabled') # subject in policy is not disabled / archived