continuing-cyan
continuing-cyan•15mo ago

Access control cerbos in production with refine app.

I am using cerbos for my access control and it is working fine I don't have any issue with it during local development. But now I have moved my project to production server and then I have figure out that, now I need to access the cerbos URL from the server because with the local development I can use localhost:3592 and can access the cerbos policies, however; once the app is build and served from the server then when the user access my app they will download the whole JS in their browser because of which now access to cerbos should be from the server. Is there a solution to this or am I confused with the implementation detail? If I have to access the cerbos policies from a server then my whole app will now be slow just because of the network request to check the policies.
10 Replies
kapa.ai
kapa.ai•15mo ago
Hi @dipbazz. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
kapa.ai
kapa.ai•15mo ago
---------------------- Hmm, I don't know enough to give you a confident answer yet. However, you can refer to the refine documentation on Access Control Provider (https://refine.dev/docs/api-reference/core/providers/accessControl-provider/) and the Cerbos example in the refine documentation (https://refine.dev/docs/examples/access-control/cerbos) for more information on how to implement access control with Cerbos in refine. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
Access Control Provider | refine
Overview
Cerbos | refine
Access Control is a complex topic with a variety of sophisticated solutions that provide numerous functions. This example demonstrates how to use refine and Cerbos to simplify access control management throughout your application.
kapa.ai
kapa.ai•15mo ago
<@494653850632978472> kapa.ai is still learning and improving, please let us how it did by reacting below
Omer
Omer•15mo ago
Hey @dipbazz , Thank you for contacting us. I believe @alexolivier (Cerbos product guy) can assist you, or you can start a discussion from here: https://github.com/cerbos/cerbos/discussions. I hope I have been able to help. Feel free to ask if you have any other questions 💯
continuing-cyan
continuing-cyan•15mo ago
Hey @Omer, I was wondering that cerbos is a separate library that extracts the authorization logic from the application so that we have to run a cerbos instance separately which results in react application being bundled without the authorization part. Can I use the casbin for authorization so that the authorization model and policy will be bundled with react application so that refine doesn't need to talk to external process for authorization?
unwilling-turquoise
unwilling-turquoise•15mo ago
Hey @dipbazz , we are using casbin (go server side, refine client side). Casbin allows to define an authorization-model within your frontend. This will of course need some sort of role or access-mechanism when it comes down to checking "who's allowed to do what?". Depending on your use-case you might need a "role" (i.e. role: "reader") attached to the user.
continuing-cyan
continuing-cyan•15mo ago
Hey @bastianwegge, Thanks for your response. I have a role based authorization. That means I can use role to determine the user authorization and keep the authorization with the react build?
unwilling-turquoise
unwilling-turquoise•15mo ago
Yes
Omer
Omer•15mo ago
hmm, one disadvantage of this is that it requires you to redeploy your front-end application when there are changes in permissions
unwilling-turquoise
unwilling-turquoise•15mo ago
Absolutely true @Omer , as dipbazz was asking for this specific usecase, I was thinking he may be aware of that. For completeness: @dipbazz as your system evolves, you might find the need to have an endpoint inside of your API that can serve the casbin policy definition. If you want to do that, casbin has several languages it supports, so you're not "stuck" with JS/TS => https://casbin.org/
More Posts
Property 'rev' is missing in type '{}'Hi, I'm experiencing this while building on all of the antdesign icons and can't find it in the antcall specific routehi how I can call a specific route ? for example if I want to call secndoary router to get specific auth-providerGiven that my current setup is tentative, how can I configure my auth-provider to make an axios.postAuthPage remember meHi I'm using Antd for UI. In my default login page, I want to implement the 'Remember me' feature. The useApiUrl hook retrieves the default API URL in multiple data providersAccording to the documentation, one can use multiple data providers like: ```js dataProvider={{ dget selected table rows dataiam using a table with selection enabled and i need to get the datas of slected rows iam using materHow Can I do code split in RefineI want to do `lazy load` when user change route. ref: https://reactrouter.com/en/main/route/lazy cheuseForm onFinish responsehi how I can get the response from the back end with inFinish example: ```js const response = await Is that possible to install auth0 in an already ongoing refine v3 project?I want to install auth0 in a refine v3 project. Because I initially installed Google auth but I see Carbonspigotcan i get some help i bought carbonspigot and need the licensing