andrewsapronov / redb.obac

This project forked from redberriespro/redb.obac

Access Control and effective rights calculation for hierarchical data structures

License: Apache License 2.0

C# 100.00%

redb.obac's Introduction

Redb.OBAC - Object-Based Access Control Library

The library offers an alternative to declarative ABAC libraries. Instead of writing complex rules to declare permissions and access rights to resources, Redb.OBAC lets you apply ACLs to the nodes of a hierarchical structure.

Discussions: Telegram Chat

Current State

This is an ALPHA version of the second-generation code. "Alpha" means the core APIs are more or less stable but MIGHT change before the library reaches beta.

Technologies Supported

  • .NET Core 3.1 / .NET 5.0
  • PostgreSQL as DB engine (MySQL support is on the roadmap)
  • gRPC (for accessing OBAC API from outside .Net)

Features

  • Users and UserGroups support
  • Multiple Object Types
  • Multiple Permissions and Roles
  • Set ACL to an object or a node (object tree structures are supported)
  • Allow or Deny Permission to an Object for a User or User Group.
  • Inherit-permissions-from-parent flag
  • Can be used by any language by calling OBAC's API via gRPC protocol (API Host process is included)

Code Examples

Library initialization (generic):

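// Open the PostgreSQL-backed storage and make sure the OBAC database exists
var pgStorage = new PgSqlObacStorageProvider(OBAC_CONNECTION);
await pgStorage.EnsureDatabaseExists();
// Build the configuration and get the manager used in the snippets below
var obacConfiguration = ObacManager.CreateConfiguration(pgStorage);
var obacManager = obacConfiguration.GetObjectManager();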

Local effective permission cache (can be used to apply permissions at DB level):

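// HelloDbContext is the application's own Entity Framework context
var ctx = new HelloDbContext();
var pgStorage = new PgSqlObacStorageProvider(OBAC_CONNECTION);
await pgStorage.EnsureDatabaseExists();

// The receiver keeps a local copy of effective permissions in that context
var epLocalReceiver = new EffectivePermissionsEfReceiver(ctx);
var obacConfiguration = ObacManager.CreateConfiguration(pgStorage, epLocalReceiver);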

Set up security model:

var readPermission = Guid.NewGuid();
await obacManager.EnsurePermission(readPermission, "read");
var writePermission = Guid.NewGuid();
await obacManager.EnsurePermission(writePermission, "write");

await obacManager.EnsureUser(1, "user 1");
await obacManager.EnsureUser(2, "user 2");
await obacManager.EnsureUserGroup(10, "group1");
await obacManager.AddUserToUserGroup(10,1);
await obacManager.AddUserToUserGroup(10,2);

Set up Object Types and object hierarchy:

var docType = Guid.NewGuid();
await obacManager.EnsureTree(docType, "Documents");

await obacManager.EnsureTreeNode(docType, 100, null, 1);
await obacManager.EnsureTreeNode(docType, 110, 100, 1);
await obacManager.EnsureTreeNode(docType, 200, null, 1);
await obacManager.EnsureTreeNode(docType, 210, 200, 1);

Setting up ACL lists:

await obacManager.SetTreeNodeAcl(docType, 100, new AclInfo
{
    InheritParentPermissions = false,
    AclItems = new[]
    {
        new AclItemInfo { UserGroupId = 10, PermissionId = readPermission, Kind = PermissionKindEnum.Allow },
        new AclItemInfo { UserId = 2, PermissionId = writePermission, Kind = PermissionKindEnum.Allow }
    }
});

Checking user's rights to objects (via API):

var checker = obacConfiguration.GetPermissionChecker(1);
Guid[] effectivePermissions = await checker.GetObjectPermissions(docType, 110);
var hasReadAccessToDocument110 = await checker.CheckObjectPermissions(docType, 110, readPermission);
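
A simplified model of the effective-rights calculation that the feature list describes (ACLs on tree nodes, Allow/Deny items, the inherit-from-parent flag), as an added example that is not Redb.OBAC's code or algorithm. The `Node`, `AclItem` and `EffectiveRights` types are hypothetical, and two rules are assumptions: a node with the inherit flag set also takes its parent's ACL items, and an applicable Deny overrides any Allow.

```csharp
using System;
using System.Collections.Generic;

// Simplified model, NOT Redb.OBAC's implementation. Assumed rules: a node whose
// InheritParent flag is set also takes its parent's ACL items; Deny beats Allow.
enum Kind { Allow, Deny }

class AclItem
{
    public int? UserId; public int? GroupId; public string Permission; public Kind Kind;
}

class Node
{
    public Node Parent; public bool InheritParent = true;
    public List<AclItem> Acl = new List<AclItem>();
}

static class EffectiveRights
{
    public static ISet<string> For(Node node, int userId, ISet<int> groups)
    {
        var allowed = new HashSet<string>();
        var denied = new HashSet<string>();
        // Walk towards the root, stopping at the first node that does not inherit.
        for (var n = node; n != null; n = n.InheritParent ? n.Parent : null)
            foreach (var item in n.Acl)
            {
                bool applies = item.UserId == userId
                    || (item.GroupId.HasValue && groups.Contains(item.GroupId.Value));
                if (applies) (item.Kind == Kind.Deny ? denied : allowed).Add(item.Permission);
            }
        allowed.ExceptWith(denied);   // an applicable Deny removes the permission
        return allowed;
    }

    static void Main()
    {
        // Constructed data shaped like the README's: node 110 under node 100, group 10.
        var n100 = new Node { InheritParent = false };
        n100.Acl.Add(new AclItem { GroupId = 10, Permission = "read", Kind = Kind.Allow });
        n100.Acl.Add(new AclItem { UserId = 2, Permission = "write", Kind = Kind.Allow });
        var n110 = new Node { Parent = n100 };
        // Constructed extra rule: user 2 is denied "write" on the child node only.
        n110.Acl.Add(new AclItem { UserId = 2, Permission = "write", Kind = Kind.Deny });
        var groups = new HashSet<int> { 10 };   // both users are members of group 10
        foreach (var (node, user) in new[] { (n110, 1), (n110, 2), (n100, 2) })
            Console.WriteLine($"user {user}: {string.Join(",", For(node, user, groups))}");
    }
}
```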

Checking user's rights to objects (on DB level via Entity Framework):

// Both sets come from the same context (ctx), so EF can run the join as one query
var docsUser1CanRead = from d in ctx.Documents
    join p in ctx.EffectivePermissions
    on d.Id equals p.ObjectId
  where
    p.ObjectTypeId == docType
    && p.UserId == 1
    && p.PermissionId == readPermission
  select d;

For more details, see the code Examples (https://github.com/redberriespro/Redb.OBAC/tree/main/Examples) and Unit Tests (https://github.com/redberriespro/Redb.OBAC/tree/main/Redb.OBAC.Tests).

Example Apps

Credits

Initially Created by

(c) 2021-... Redberries.pro

redb.obac's People

Contributors

yuryskaletskiy
