Skip to content

Configurable option of Authorization (roles and permissions) for each route #162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
2 tasks done
jeevatkm opened this issue Apr 7, 2018 · 2 comments
Closed
2 tasks done

Configurable option of Authorization (roles and permissions) for each route #162

jeevatkm opened this issue Apr 7, 2018 · 2 comments
Assignees
@jeevatkm
Labels
enhancement lib-router Request Routing lib-security Security (Authc, Authz, Password Crypto, etc)
Milestone
v0.11.0 Milestone

Comments

@jeevatkm
Copy link
Member

jeevatkm commented Apr 7, 2018
edited
Loading

The goal is to bring configurable option of Authorization at domain and route level for roles and permission.

How is authorization (Roles and Permission) check happening now?

Currently, aah user have to use Controller interceptors (Before or Before<Action> based on scenario) to do roles and permission check.

What are the benefits of having this configurable option at each route level?

  • aah performs the Authorization per configured roles and permission against logged in Subject for incoming request
    • If authorization is success then request would proceed as normal
    • If authorization is failed then aah calls error handling flow
    • If authorization check is not configured then request would proceed to controller action
  • Also you have existing flexibility and control to do you own Authorization

Configuration Syntax

# Authorization (access rights/privileges)
# 
# Note: It is not evaluated, if `<route>.auth` attribute is `anonymous`.
authorization {
  # Satisfy value is used to evaluate the result of `roles` and `permissions` attribute.
  #
  # Possible values are 
  #   - `either` => either roles or permissions should satisfy for Subject
  #   - `both`   => both roles and permissions should satisfy for Subject
  #
  # Default value is `either`.
  satisfy = "either"

  # Roles (Optional config)
  # Result of role function is evaluated as AND.
  #
  # Supported functions are `hasrole`, `hasanyrole`, `hasallroles`.
  # Roles are comma(,) separated values.
  roles = [
    "hasrole(manager)",
    "hasanyrole(role1, role2, role3)"
  ]

  # Permissions (Optional config)
  # Doc: https://docs.aahframework.org/security-permissions.html
  #
  # Result of permission function is evaluated as AND.
  #
  # Supported functions are `ispermitted`, `ispermittedall`.
  # Permissions are pipe(|) separated values.
  permissions = [
    "ispermitted(newsletter:read,write)",
    "ispermittedall(newsletter:read,write | newsletter:12345)"
  ]
}

Where to configure Authorization ?

Authorization configuration defined in routes.conf.

  • Child Route inherits parent authorization { ... } config if not defined.
  • Implementation
  • Documentation
@jeevatkm jeevatkm added enhancement lib-router Request Routing lib-security Security (Authc, Authz, Password Crypto, etc) labels Apr 7, 2018
@jeevatkm jeevatkm added this to the v0.11.0 Milestone milestone Apr 7, 2018
@jeevatkm jeevatkm self-assigned this Apr 7, 2018
@jeevatkm jeevatkm mentioned this issue Apr 7, 2018
Closed
@jeevatkm jeevatkm modified the milestone: v0.11.0 Milestone Apr 7, 2018
@jeevatkm jeevatkm changed the title Configurable option of roles and permissions for each route Configurable option of Authorization (roles and permissions) for each route May 18, 2018
@jeevatkm
Copy link
Member Author

All - You're invited to discuss this spec before implementation 😄

jeevatkm added a commit to go-aah/security that referenced this issue May 24, 2018
@jeevatkm
go-aah/aah#162 added reason struct for authorization failed
1613d94
jeevatkm added a commit to go-aah/router that referenced this issue May 24, 2018
@jeevatkm
go-aah/aah#162 implemented parsing authorization { ... } config and m…
563016d 
…ethod HasAccesss on route
jeevatkm added a commit to go-aah/security that referenced this issue May 24, 2018
@jeevatkm
go-aah/aah#162 added reason struct for authorization failed
52fac35
jeevatkm added a commit that referenced this issue May 24, 2018
@jeevatkm
#162 integrate authorization check in the security workflow
ee07fef
jeevatkm added a commit to go-aah/docs that referenced this issue May 27, 2018
@jeevatkm
go-aah/aah#162 added documentation
3bb8ccb
@jeevatkm
Copy link
Member Author

Its done 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeevatkm jeevatkm

Labels
enhancement lib-router Request Routing lib-security Security (Authc, Authz, Password Crypto, etc)
Projects
None yet
Milestone
v0.11.0 Milestone
Development

No branches or pull requests
1 participant
@jeevatkm