Permissions

QOR5 permissions are based on https://github.com/ory/ladon.
A policy has this shape:
Who is able to do what on something (given some context)

Who - Subject

Typically, in an admin system, these are roles such as Admin and Super Admin.
Use SubjectsFunc to fetch the current subjects:

Able - Effect

  • perm.Allowed
  • perm.Denied

What - Action

presets has a list of actions:

  • presets.PermList
  • presets.PermGet
  • presets.PermCreate
  • presets.PermUpdate
  • presets.PermDelete

And you can define other specific actions if needed.

Something - Resource

An arbitrary unique resource name.
The presets built-in resource format is :presets:mg_menu_group:uri:resource_rn:f_field:.
For example, :presets:user_management:users:1: represents the user record with id 1 under the URI user_management.
Use * as wildcard.

Context - Condition

Optional.
The current context, which contains condition information about the resource.
Use ContextFunc to set the context:

Policy uses Given to set conditions:

Custom Action

Let's say there is a button on the user detail page that bans the user, and only super_admin users have permission to execute this action.
First, create a verifier

Then inject this verifier into the relevant logic, such as

  • deciding whether to show the ban button.
  • validating permission before executing the ban action.

Finally, add the policy
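The decision behind this ban scenario, and behind the * wildcard in resource names described earlier, as an added stand-alone model; it is not QOR5's or ladon's code. It assumes ladon's decision rule (no matching policy means denied, and a matching deny policy overrides any allow), treats * as matching any run of characters, and uses constructed role and action names ("admin", "ban", "update").

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Policy is a hypothetical stand-in for one policy: who, effect, what, resource.
type Policy struct {
	Subjects, Actions, Resources []string
	Allow                        bool
}

// anyMatch anchors each pattern to the whole value; "*" matches any run (assumption).
func anyMatch(patterns []string, value string) bool {
	for _, p := range patterns {
		re := "^" + strings.ReplaceAll(regexp.QuoteMeta(p), `\*`, ".*") + "$"
		if regexp.MustCompile(re).MatchString(value) {
			return true
		}
	}
	return false
}

// IsAllowed denies by default; a matching deny policy overrides any matching allow.
func IsAllowed(policies []Policy, subject, action, resource string) bool {
	allowed := false
	for _, p := range policies {
		if anyMatch(p.Subjects, subject) && anyMatch(p.Actions, action) && anyMatch(p.Resources, resource) {
			if !p.Allow {
				return false
			}
			allowed = true
		}
	}
	return allowed
}

// samplePolicies is constructed data: allow both roles everything on users, deny admin "ban".
var samplePolicies = []Policy{
	{[]string{"admin", "super_admin"}, []string{"*"}, []string{":presets:user_management:users:*"}, true},
	{[]string{"admin"}, []string{"ban"}, []string{":presets:user_management:users:*"}, false},
}

func main() {
	for _, role := range []string{"super_admin", "admin", "viewer"} {
		fmt.Println(role, IsAllowed(samplePolicies, role, "ban", ":presets:user_management:users:1:"))
	}
}
```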

Example

Debug

prints permission logs, which are very helpful for debugging permission policies: