This repository has been archived by the owner on Feb 24, 2024. It is now read-only.
Before running a buffalo project in production, most developers will have to implement an access control policy: "Who can access what resource and read, write, create it."
This task is quite time-consuming today with buffalo. One must create a "scoping" middleware function for each resource. You will need to repeat yourself for every new buffalo project.
Developing such middleware is prone to errors and mistakes (as is any development). Also, making an error in security is a big deal, and is a big concern nowadays.
We could gain a lot in agility concerning the AC. Think: adding a "marketing role" means scanning your scope function(s) and recompiling the binary.
Access control with a plugin would be a great feature that would standardize, provide a kind of "security by design" and remove the pain of redoing the same code. Moreover, this common task could have support & improvements from the community.
Steps to Reproduce the Problem
Create a new project today and in 2 months you will need to set up an AC system.
Please give your ideas in comments.
We could be using a library like this one: https://github.com/casbin/casbin
We would call the plugin "accesscontrol"
Which would do the following tasks:
Create a scoping function (resource + user + rights). Call this function in each resource.
If the buffalo-auth OR buffalo-goth + users plugin is activated:
get the user UUID for the scoping function.
Create a default func in the login callback when a new user is created. This function will modify the CONF file to add this user.
PS: could be done after plugins are stabilized: Proposal: Plug-ins v2 and Thin Buffalo Binary #1791
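The scoping check proposed in the comments above (user + resource + rights, read from a configuration file instead of compiled-in code), as an added example that is not part of the original issue and is not Buffalo's or casbin's code. It uses only the Go standard library; the policy lines (constructed, in the CSV style casbin uses) and the names `samplePolicy`, `Policy`, `LoadPolicy` and `Allowed` are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample policy: "p, role, resource, right" grants, "g, user, role" assigns a role.
const samplePolicy = `p, admin, widgets, write
p, marketing, campaigns, read
g, user-uuid-1, marketing`

// Policy holds parsed grants and role assignments; the zero value denies everything.
type Policy struct {
	grants map[[3]string]bool  // {role or user, resource, right}
	roles  map[string][]string // user UUID -> roles
}

// LoadPolicy parses the text; a malformed line is an error, so a typo cannot silently change a rule.
func LoadPolicy(text string) (Policy, error) {
	p := Policy{grants: map[[3]string]bool{}, roles: map[string][]string{}}
	for _, line := range strings.Split(text, "\n") {
		f := strings.FieldsFunc(line, func(r rune) bool { return r == ',' || r == ' ' || r == '\r' })
		switch {
		case len(f) == 0: // blank line
		case len(f) == 4 && f[0] == "p":
			p.grants[[3]string{f[1], f[2], f[3]}] = true
		case len(f) == 3 && f[0] == "g":
			p.roles[f[1]] = append(p.roles[f[1]], f[2])
		default:
			return Policy{}, fmt.Errorf("bad policy line: %q", line)
		}
	}
	return p, nil
}

// Allowed is the one scoping check (user + resource + right). Default deny.
func (p Policy) Allowed(user, resource, right string) bool {
	for _, subject := range append([]string{user}, p.roles[user]...) {
		if p.grants[[3]string{subject, resource, right}] {
			return true
		}
	}
	return false
}

func main() {
	p, err := LoadPolicy(samplePolicy)
	fmt.Println(p.Allowed("user-uuid-1", "campaigns", "read"), err)
}
```

With the rules held as data, adding a role such as "marketing" is a policy-file edit, and a policy that fails to parse yields a value that denies every request.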