Giter Club home page Giter Club logo

Comments (4)

casbin-bot avatar casbin-bot commented on May 27, 2024

@sagilio @xcaptain @huazhikui

from casbin-aspnetcore.

sagilio avatar sagilio commented on May 27, 2024

Model and Enforcer have the default Scope lifecycle at the current version, you can change it by optional parameters,
And in Casbin v2.0, we can use synced model, so the model can have a singleton lifecycle.:

casbin-aspnetcore/src/Casbin.AspNetCore/ServiceCollectionExtension.cs

Lines 19 to 37 in 0cb68a5

/// <summary>
/// Adds casbin authorization services to the specified <see cref="IServiceCollection" />
/// </summary>
/// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
/// <param name="configureOptions"></param>
/// <param name="defaultEnforcerProviderLifeTime">The lifetime with which to register the IEnforcerProvider service in the container.</param>
/// <param name="defaultModelProviderLifeTime">The lifetime with which to register the ICasbinModelProvider service in the container.</param>
/// <returns>The <see cref="IServiceCollection"/> so that additional calls can be chained.</returns>
public static IServiceCollection AddCasbinAuthorization(this IServiceCollection services,
Action<CasbinAuthorizationOptions>? configureOptions = default,
ServiceLifetime defaultEnforcerProviderLifeTime = ServiceLifetime.Scoped,
ServiceLifetime defaultModelProviderLifeTime = ServiceLifetime.Scoped)
{
services.TryAddTransient<ICasbinEvaluator, CasbinEvaluator>();
services.TryAddSingleton<ICasbinAuthorizationPolicyProvider, DefaultCasbinAuthorizationPolicyProvider>();
services.TryAddSingleton<ICasbinAuthorizationMiddlewareResultHandler, CasbinAuthorizationMiddlewareResultHandler>();
services.AddCasbinAuthorizationCore(configureOptions, defaultEnforcerProviderLifeTime, defaultModelProviderLifeTime);
return services;
}

If you use the default option, the changes to the database will be active immediately, Would you like to provide a sample for us to handle this problem

from casbin-aspnetcore.

thoraj avatar thoraj commented on May 27, 2024

I feel like I'm on a fairly steep learning curve here.

What I'm trying to achieve is:

  1. Use EFCoreAdapter with a PosgresSQL and a custom CasbinContext (VerjiCasbinContext)
  2. Access Enforcer in service components which are resolved from contiainer/ServiceCollection
  3. Use CasbinAuthorize attribute with custom RequestTransformers
  4. Use filtering to avoid loading all data
    • Filtering must be made from request parameter (i.e picking from HttpContext somehow)

I think the approach I have now is wrong and has issues with component lifecycles. Currently I'm registering Casbin components in an Autofac container. The CasbinAuthorize middleware resolve the Enforcer from the DefaultEnforcerFactory which resolves it from Autofac/ServiceCollection. In other components I inject Enforcer directly. I think this is causing issues with lifecycle management and concurrency.

So to elevate my understanding of Casbin, I would like to hear about the recommended ways to achieve the goals I described above.

  • What is the recommended way to use EFCoreAdapter instead of DefaultFileAdapter?
  • What is the recommended way to get access to an Enforcer object using DI
  • What is the recommended way to use filtering in an enforcer in the middleware? (Filtering on parameters in HttpContext)

I hope there is a better way than to re-implement most of the servicecollection registrations, and that overriding the correct dependencies will do the trick.

from casbin-aspnetcore.

thoraj avatar thoraj commented on May 27, 2024

We have come a bit further, so I'll just summarize what we've done in case there are comments, or in case this could be of benefit to others:

To leverage the most of the logic already in place we abandoned most of our custom DI registrations, and try to rely more on the casbin built in handling of scopes etc. So now we instead:

  • Register our custom VerjiCasbinDbContext
  • Register a custom VerjiEnforcerProvider

In VerjiEnforcerProvider we inject:

  • ICasbinModelProvider
  • VerjiCasbinDbContext
  • HttpContextAccessor

This lets us create an adapter, and an Enforcer, and lets us customize the adapter and enforcer to ensure:

  • We have added the appropriate matching functions
  • We applied the appropriate filtering of policies

With this approach things started to behave a lot better wrt. object lifecycle, and data staleness.

from casbin-aspnetcore.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.