Permissions handling #82
Hi @ivan-borovets and thank you very much for this very interesting sample.
Replies: 1 comment
Hello, Thibaud!
I didn’t design it around any specific "classic pattern", but the idea is close to a Specification-like approach: explicit authorization rules evaluated against a context. For many projects, especially as a starting point, in-process authorization like this can be more than enough. And honestly, I rarely see "pure" RBAC/ReBAC/ABAC in real projects - authorization is usually shaped by business needs.
One can also see a guard-style API, where the action is encoded in the method name - check_can_<do>(context). For fine-grained enterprise authorization, one possible approach is to rely on an external Policy Decision Point (e.g. OPA) - then you add an application port to that P…
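The three ideas in the reply (explicit Specification-like rules evaluated against a context, a guard-style check_can_<do>(context) API, and a Policy Decision Point behind an application port) fit together in a small in-process design. The example below is added here and is not code from ivan-borovets or from the sample project under discussion; the names AuthContext, Rule, HasRole, IsOwner, InProcessPdp, AuthorizationGuard and the policy table are assumptions chosen for illustration. Unknown actions are denied by default, and the PolicyDecisionPoint port is the seam where an adapter over an external PDP such as OPA would be plugged in.

```python
from __future__ import annotations

from abc import ABC, abstractmethod
from dataclasses import dataclass
from typing import Protocol


class AuthorizationError(Exception):
    """Raised by the guard when the rule for an action is not satisfied."""


@dataclass(frozen=True)
class AuthContext:
    """What the rules are evaluated against. Field names are assumptions for this example."""
    subject_id: str
    roles: frozenset[str]
    resource_owner_id: str | None = None


class Rule(ABC):
    """Specification-style rule: a predicate over the context, composable with &, |, ~."""

    @abstractmethod
    def is_satisfied_by(self, ctx: AuthContext) -> bool: ...

    def __and__(self, other: Rule) -> Rule:
        return _Combined(all, (self, other))

    def __or__(self, other: Rule) -> Rule:
        return _Combined(any, (self, other))

    def __invert__(self) -> Rule:
        return _Not(self)


@dataclass(frozen=True)
class _Combined(Rule):
    reducer: object  # the builtin all (conjunction) or any (disjunction)
    parts: tuple[Rule, ...]

    def is_satisfied_by(self, ctx: AuthContext) -> bool:
        return self.reducer(p.is_satisfied_by(ctx) for p in self.parts)


@dataclass(frozen=True)
class _Not(Rule):
    inner: Rule

    def is_satisfied_by(self, ctx: AuthContext) -> bool:
        return not self.inner.is_satisfied_by(ctx)


@dataclass(frozen=True)
class HasRole(Rule):
    role: str

    def is_satisfied_by(self, ctx: AuthContext) -> bool:
        return self.role in ctx.roles


@dataclass(frozen=True)
class IsOwner(Rule):
    def is_satisfied_by(self, ctx: AuthContext) -> bool:
        return ctx.resource_owner_id is not None and ctx.resource_owner_id == ctx.subject_id


class PolicyDecisionPoint(Protocol):
    """Application port. An adapter over an external PDP (e.g. OPA) would implement this too."""
    def is_allowed(self, action: str, ctx: AuthContext) -> bool: ...


class InProcessPdp:
    """Explicit action -> rule table; an action with no rule is denied (fail closed)."""
    def __init__(self, policy: dict[str, Rule]) -> None:
        self._policy = policy

    def is_allowed(self, action: str, ctx: AuthContext) -> bool:
        rule = self._policy.get(action)
        return rule is not None and rule.is_satisfied_by(ctx)


class AuthorizationGuard:
    """Guard-style API: the action is encoded in the method name."""
    def __init__(self, pdp: PolicyDecisionPoint) -> None:
        self._pdp = pdp

    def _check(self, action: str, ctx: AuthContext) -> None:
        if not self._pdp.is_allowed(action, ctx):
            raise AuthorizationError(f"{ctx.subject_id} may not {action}")

    def check_can_edit_post(self, ctx: AuthContext) -> None: self._check("edit_post", ctx)
    def check_can_delete_post(self, ctx: AuthContext) -> None: self._check("delete_post", ctx)
    def check_can_ban_user(self, ctx: AuthContext) -> None: self._check("ban_user", ctx)


# Constructed policy for the example: rules are data, so they stay reviewable in one place.
POLICY: dict[str, Rule] = {
    "edit_post": IsOwner() | HasRole("moderator"),
    "delete_post": (IsOwner() & ~HasRole("suspended")) | HasRole("admin"),
    "ban_user": HasRole("admin"),
}
GUARD = AuthorizationGuard(InProcessPdp(POLICY))


def can(action: str, ctx: AuthContext) -> bool:
    """Boolean form of the guard, handy for tests and for hiding UI affordances."""
    try:
        getattr(GUARD, f"check_can_{action}")(ctx)
    except AuthorizationError:
        return False
    return True
```

The guard raises inside the use case, so a forgotten check fails the request rather than silently allowing it; the boolean `can()` helper only exists for callers that need to ask rather than enforce.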