[Question] Establish rules of users of different organizations visibility about casbin HOT 5 CLOSED

@tangyang9464 @JalinWang

from casbin.

@taksedo what's your question? (what you expect and what you get)

from casbin.

@hsluoyz as described in first post I need to establish visibility between users depend on their organization.

If they are from the same organization then they shall see each other.

If they are from different organization they shall see each other only if active contract exists.

from casbin.

@taksedo I don't think this is an authorization question

from casbin.

@hsluoyz definition from Wikipedia:

Authorization or authorisation (see spelling differences) is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular.[1] More formally, "to authorize" is to define an access policy. So I am not agree that is not authorization question.

Morover I find they way with custom function:

// test stab
pub fn is_active_contract_exists(sub_org: ImmutableString, obj_org: ImmutableString) -> bool {
    let orgs_with_contract = ["org::org1".into(), "org::org2".into()];
    orgs_with_contract.contains(&sub_org)
        && orgs_with_contract.contains(&obj_org)
        && sub_org != obj_org
}

[request_definition]
r = sub, act, obj

[policy_definition]
p = obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = \
r.act == p.act && is_active_contract_exists(r.sub.org_name, r.obj.org_name) && r.sub.public_user == "true" || \
r.act == p.act && r.sub.org_name == r.obj.org_name

p, _, action::user-read

Is it the only way to leverage my purpose?

from casbin.