Often a user is a member of one or more groups, and may have permissions specific to that group that differ from others, or access to resources owned by that group. We should add support for groups and authorization based on group membership.
It's been a few months since I was working on this. There are a couple of ways to do it. One is leveraging the graph (bi-directional node / relation table) and adding user associations MEMBER_OF to a Group node. Then, when performing the authorization check, fetch all the associations of the user of the desired otype (object type), and if the resource is also a member of that, then determine if isOwnerOrMember should be true.
Another way to do it is using the relational DB and adding a Group entity with relations to User, with a similar check when authorizing the actions. I haven't decided yet which direction I wanted to take, but all the pieces are in place to implement either. The key is that in your DAO, when you're authorizing the method, you perform a query at the top to check if they are a member of the group the resource is linked to, and then set isOwnerOrMember accordingly.
If I find time this summer I'll revisit and implement it, but this was meant as a starter that anyone could then extend to their liking/needs. Hopefully those ideas help you with your project. ;-)
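The graph-based check described in the comment above, sketched as an added example; it is not code from this project or from the commenter. `MEMBER_OF`, `otype` and `isOwnerOrMember` come from the thread; the `OWNS` association, the node ids, `getAssociations` and `readDocument` are hypothetical names, and the in-memory tables are constructed sample data standing in for the database.

```javascript
// Constructed sample data: node table plus association (edge) table.
// Ids, the OWNS atype and the "group" otype value are assumptions.
const nodes = new Map([
  ["u1", { otype: "user" }],
  ["u2", { otype: "user" }],
  ["u3", { otype: "user" }],
  ["g1", { otype: "group" }],
  ["g2", { otype: "group" }],
  ["doc1", { otype: "document" }],
]);
const assocs = [
  { id1: "u1", atype: "OWNS", id2: "doc1" },
  { id1: "u2", atype: "MEMBER_OF", id2: "g1" },
  { id1: "u3", atype: "MEMBER_OF", id2: "g2" },
  { id1: "doc1", atype: "MEMBER_OF", id2: "g1" },
];

// Ids that `id1` points at via `atype`, restricted to nodes of `otype`.
function getAssociations(id1, atype, otype) {
  return assocs
    .filter((a) => a.id1 === id1 && a.atype === atype)
    .map((a) => a.id2)
    .filter((id2) => nodes.get(id2)?.otype === otype);
}

// The query a DAO method runs at the top, before touching the resource.
// Unknown users or resources fall through to false (deny by default).
function isOwnerOrMember(userId, resourceId) {
  if (nodes.get(userId)?.otype !== "user" || !nodes.has(resourceId)) return false;
  const owns = assocs.some(
    (a) => a.id1 === userId && a.atype === "OWNS" && a.id2 === resourceId
  );
  if (owns) return true;
  // Member if the user and the resource share at least one group.
  const userGroups = new Set(getAssociations(userId, "MEMBER_OF", "group"));
  return getAssociations(resourceId, "MEMBER_OF", "group").some((g) =>
    userGroups.has(g)
  );
}

// Hypothetical DAO method gated on the check.
function readDocument(userId, resourceId) {
  if (!isOwnerOrMember(userId, resourceId)) throw new Error("forbidden");
  return { id: resourceId, ...nodes.get(resourceId) };
}
```

In the relational variant from the same comment, the two `getAssociations` calls become a join between the user-to-group and resource-to-group relations; the shape of the check stays the same.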