relaxed-coral
relaxed-coral2y ago

I am having issues using access control using cerbos

I have imported the example implementation of access controll using cerbos and it has code as follows :

message.txt

11 Replies
kapa.ai
kapa.ai2y ago
Hi @srinivasbhuvanagiri. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
relaxed-coral
relaxed-coralOP2y ago
i am not able to access resources
kapa.ai
kapa.ai2y ago
---------------------- It seems like you haven't provided the code you're referring to. However, based on the information extracts, I can provide you with an example implementation of access control using Cerbos in a refine project. First, install Cerbos: 
npm install cerbos
npm install cerbos
Then, create a Cerbos object in the App.tsx file and define it in <Refine>: 
import { Cerbos } from "cerbos";

const cerbos = new Cerbos({
  hostname: "<https://demo-pdp.cerbos.cloud",> // The Cerbos PDP instance
  playgroundInstance: "WS961950bd85QNYlAvTmJYubP0bqF7e3", // The playground instance ID to test
});

// ...

<Refine
  // ...
  accessControlProvider={{
    can: async ({ action, params, resource }) => {
      const cerbosPayload = {
        principal: {
          id: "demoUser", // Fake a user ID
          roles: [role],
          attr: {},
        },
        resource: {
          kind: resource,
          instances: {
            [params?.id || "new"]: {
              attr: params,
            },
          },
        },
        actions: [action],
      };
      const result = await cerbos.check(cerbosPayload);
      return Promise.resolve({
        can: result.isAuthorized(params?.id || "new", action),
      });
    },
  }}
  // ...
/>
import { Cerbos } from "cerbos";

const cerbos = new Cerbos({
  hostname: "<https://demo-pdp.cerbos.cloud",> // The Cerbos PDP instance
  playgroundInstance: "WS961950bd85QNYlAvTmJYubP0bqF7e3", // The playground instance ID to test
});

// ...

<Refine
  // ...
  accessControlProvider={{
    can: async ({ action, params, resource }) => {
      const cerbosPayload = {
        principal: {
          id: "demoUser", // Fake a user ID
          roles: [role],
          attr: {},
        },
        resource: {
          kind: resource,
          instances: {
            [params?.id || "new"]: {
              attr: params,
            },
          },
        },
        actions: [action],
      };
      const result = await cerbos.check(cerbosPayload);
      return Promise.resolve({
        can: result.isAuthorized(params?.id || "new", action),
      });
    },
  }}
  // ...
/>
This example demonstrates how to use refine and Cerbos to simplify access control management throughout your application. For more information, refer to the refine Access Control Provider documentation (https://refine.dev/docs/api-reference/core/providers/accessControl-provider/) and the Cerbos example source code (https://github.com/refinedev/refine/tree/master/examples/access-control-cerbos). ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
kapa.ai
kapa.ai2y ago
<@1016596495673339954> kapa.ai is still learning and improving, please let us how it did by reacting below
relaxed-coral
relaxed-coralOP2y ago
No description
relaxed-coral
relaxed-coralOP2y ago
can anyone please help me i am not able to implement cerbos role based authorization
conscious-sapphire
conscious-sapphire2y ago
Hey @srinivasbhuvanagiri have you tried using console.log to get information about what's not working? Maybe try to get some information about the answers that the cerbos client library provides like: console.log({ action, params, resource, result }) I think check the parameters that are being passed to cerbos would also make sense. Or using the library in isolation first to understand how it's working.
relaxed-coral
relaxed-coralOP2y ago
where do we define policies when we are using refine @bastianwegge how do we define policies
conscious-sapphire
conscious-sapphire2y ago
@srinivasbhuvanagiri everything related to your authorization will be defined within cerbos. Refine only leverages the library you're including to call a specific command like const result = await cerbos.check(cerbosPayload);. The result of that command can then be used like shown above by kapa.ai (like result.isAuthorized). accessControlProvider is basically a method to say "I want external authorization, here's how it looks like"
relaxed-coral
relaxed-coralOP2y ago
i am using cerbos admin api so how can i integrate it with refine @bastianwegge can you please help me out with cerbos admin api i am creating policies dynamically so i am not able to configure it with refine can anyone help me
conscious-sapphire
conscious-sapphire2y ago
@srinivasbhuvanagiri please either a concrete question or provide more information to work with, like some code inside of a codesandbox or on GitHub, otherwise we won't be able to help. Maybe take some time to read about the integration or look at the example here (https://refine.dev/docs/examples/access-control/cerbos/).

Did you find this page helpful?