genetic-orange 10mo ago

Access control

Hello! We are using Keycloak and want to add roles to our application. How can this be done? Should I do this via Keycloak, or should I combine Keycloak with Cerbos/Casbin somehow?
4 Replies
kapa.ai 10mo ago

Hi @lowcodefirst. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

Hmm, I don't know enough to give you a confident answer yet. The information extracts provided are primarily about implementing Role Based Access Control (RBAC) using Casbin with the refine framework. They don't specifically mention Keycloak or Cerbos.

However, in the context of refine, you can implement RBAC using Casbin. This involves defining a model and policies for your roles, and then implementing the can method for accessControlProvider to integrate your policy. You can use the authProvider.getPermissions method to fetch roles from the backend.

Here is an example of how you can define a model and a policy for a role:
```ts
import { newModel, StringAdapter } from "casbin";

// Casbin RBAC model: requests and policies are (subject, object, action).
export const model = newModel(`
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
`);

// Policy: the "editor" role may list posts.
// StringAdapter is the adapter imported above.
export const adapter = new StringAdapter(`
p, editor, posts, list
`);
```
And here is how you can implement the can method for accessControlProvider:
```tsx
import React from "react";
import { Refine } from "@refinedev/core";
import { BrowserRouter } from "react-router-dom";
import { newEnforcer } from "casbin";

import { model, adapter } from "./accessControl";

const App: React.FC = () => {
    return (
        <BrowserRouter>
            <Refine
                accessControlProvider={{
                    can: async ({ resource, action }) => {
                        const enforcer = await newEnforcer(model, adapter);
                        // The subject is hard-coded to the "editor" role here.
                        const can = await enforcer.enforce(
                            "editor",
                            resource,
                            action,
                        );

                        return { can };
                    },
                }}
                //...
            >
                {/* ... */}
            </Refine>
        </BrowserRouter>
    );
};

export default App;
```
For more information, you can refer to the refine documentation on Access Control (https://refine.dev/docs/advanced-tutorials/access-control/) and the refine blog post on implementing RBAC with Casbin (https://refine.dev/blog/refine-pixels-6/).

As for integrating Keycloak or Cerbos with refine, you might need to refer to their respective documentation or seek advice from their communities.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
xenial-black 10mo ago
Hello @lowcodefirst, that's not a question directly for refine, but I think your suggestion is correct. You need to store your "roles" somewhere in your auth provider and keep them under user data; then, with something like Cerbos/Casbin, you can authorize the user based on the resource.
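One way to feed Keycloak roles into the `can` check instead of the hard-coded "editor" subject, failing closed when roles are missing or the policy engine errors. This is an added example, not code from the thread or from refine: `rolesFromClaims`, `makeCan`, the `refine-app` client id and the sample claims are assumptions, `enforce` stands for the `enforcer.enforce` call shown earlier, and `realm_access` / `resource_access` are the role claims in a Keycloak access token.

```typescript
// Added example; all names here are hypothetical, not refine or Casbin APIs.
type KeycloakClaims = {
  realm_access?: { roles?: unknown };
  resource_access?: Record<string, { roles?: unknown }>;
};
// Same argument order as the enforcer.enforce(sub, obj, act) call in the thread.
type Enforce = (sub: string, obj: string, act: string) => Promise<boolean>;

// Constructed sample of a decoded Keycloak access-token payload.
const sampleClaims: KeycloakClaims = {
  realm_access: { roles: ["offline_access", "editor"] },
  resource_access: { "refine-app": { roles: ["editor", "reviewer", 42] } },
};

// Realm roles plus the roles of one client, de-duplicated; non-string entries are dropped.
function rolesFromClaims(claims: KeycloakClaims | undefined, clientId: string): string[] {
  const sources: unknown[] = [
    claims?.realm_access?.roles,
    claims?.resource_access?.[clientId]?.roles,
  ];
  const roles: string[] = [];
  for (const source of sources) {
    if (!Array.isArray(source)) continue;
    for (const role of source) {
      if (typeof role === "string" && role !== "" && roles.indexOf(role) === -1) {
        roles.push(role);
      }
    }
  }
  return roles;
}

// Builds the `can` function for accessControlProvider: allowed if any role is allowed,
// denied when there are no roles, no resource, or the policy engine throws.
function makeCan(getClaims: () => KeycloakClaims | undefined, clientId: string, enforce: Enforce) {
  return async ({ resource, action }: { resource?: string; action: string }) => {
    if (!resource) return { can: false };
    try {
      for (const role of rolesFromClaims(getClaims(), clientId)) {
        if (await enforce(role, resource, action)) return { can: true };
      }
    } catch (_err) {
      // Fail closed: an enforcer error must not grant access.
    }
    return { can: false };
  };
}
```

With keycloak-js, `getClaims` can return the client's `tokenParsed` value. These checks only shape the UI; the API behind it has to verify the token and enforce the same policy itself.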
genetic-orange 9mo ago
Hi! Thank you. Yes, I have sorted out this issue and I get the roles... But I used Keycloak and Casbin, and Casbin gave an error. I don't remember exactly how it was worded, but it was related to using Buffer in the browser. When I set it up, I followed the guide in your blog, and it mentioned this error and said that you need to install a polyfill... but it still didn't work for me (( Then I cloned your solution from the blog and everything worked, but when I added Keycloak, an error appeared again, and it came from Casbin.... I'm sorry that I can't show an example of the project and the code. But it is