R
Refine

ask-any-question

Access control

Ffascinating-indigo10/19/2023
hello! We are using keycloak and want to add roles to our application how can this be done? should I do this via keycloak or should I combine keycloak with cerbos|casbin somehow?
Kkapa.ai10/19/2023
Hi @lowcodefirst. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- Hmm, I don't know enough to give you a confident answer yet. The information extracts provided are primarily about implementing Role Based Access Control (RBAC) using Casbin with the refine framework. They don't specifically mention Keycloak or Cerbos. However, in the context of refine, you can implement RBAC using Casbin. This involves defining a model and policies for your roles, and then implementing the can method for accessControlProvider to integrate your policy. You can use the authProvider.getPermissions method to fetch roles from the backend. Here is an example of how you can define a model and a policy for a role:
import { newModel, StringAdapter } from "casbin";

export const model = newModel(`
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
`);

export const adapter = new MemoryAdapter(`
p, editor, posts, list
`);
import { newModel, StringAdapter } from "casbin";

export const model = newModel(`
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
`);

export const adapter = new MemoryAdapter(`
p, editor, posts, list
`);
And here is how you can implement the can method for accessControlProvider:
import { newEnforcer } from "casbin";

import { model, adapter } from "./accessControl";

const App: React.FC = () => {
return (
<BrowserRouter>
<Refine
accessControlProvider={{
can: async ({ resource, action }) => {
const enforcer = await newEnforcer(model, adapter);
const can = await enforcer.enforce(
"editor",
resource,
action,
);

return { can };
},
}}
//...
>
{/* ... */}
</Refine>
</BrowserRouter>
);
};

export default App;
import { newEnforcer } from "casbin";

import { model, adapter } from "./accessControl";

const App: React.FC = () => {
return (
<BrowserRouter>
<Refine
accessControlProvider={{
can: async ({ resource, action }) => {
const enforcer = await newEnforcer(model, adapter);
const can = await enforcer.enforce(
"editor",
resource,
action,
);

return { can };
},
}}
//...
>
{/* ... */}
</Refine>
</BrowserRouter>
);
};

export default App;
For more information, you can refer to the refine documentation on Access Control (https://refine.dev/docs/advanced-tutorials/access-control/) and the refine blog post on implementing RBAC with Casbin (https://refine.dev/blog/refine-pixels-6/). As for integrating Keycloak or Cerbos with refine, you might need to refer to their respective documentation or seek advice from their communities. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
Kkapa.ai10/19/2023
<@884892371525971999> kapa.ai is still learning and improving, please let us know how it did by reacting below
Nnarrow-beige10/30/2023
Hello @lowcodefirst, that's not a question directly for refine but I think your suggestion is correct. You need to store your "roles" somewhere in your auth provider, and keep it under user data, then with something like cerbos/casbin, you can authorize user based on resource.
Ffascinating-indigo11/20/2023
Hi! Thank you. Yes, I have sorted out this issue and I get the roles... But I used keycloak and Casbin and casbin gave an error I don't remember exactly how it sounded, but what was related to using Bufer in the browser when I set it up, I followed the guide in your blog and it said about this error and that you need to install a polyfile... but it still didn't work for me (( Then I cloned your solution from the blog, everything worked, but as I added keycloak, an error appeared again and it came from Casbin.... I'm sorry that I can't show an example of the project and the code. But it is

Looking for more? Join the community!

R
Refine

ask-any-question

Join Server