Permissions
QOR5 permission is based on https://github.com/ory/ladon.
A piece of policy looks like this:
Who is able to do what on something (given some context)
Who - Subject
Typically, in an admin system, they are roles like Admin, Super Admin.
Use SubjectsFunc to fetch current subjects:
Able - Effect
- perm.Allowed
- perm.Denied
What - Action
presets has a list of actions:
- presets.PermList
- presets.PermGet
- presets.PermCreate
- presets.PermUpdate
- presets.PermDelete
And you can define other specific actions if needed.
Something - Resource
An arbitrary unique resource name.
The presets builtin resource format is :presets:mg_menu_group:uri:resource_rn:f_field:.
For example :presets:user_management:users:1: represents the user record with id 1 under uri user_management.
Use * as wildcard.
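The subject, effect, action and resource parts described above can be modelled in a few lines. This is an added sketch, not QOR5 or ladon code: the Policy type, matches, Allowed and the sample role and action names (other than super_admin) are hypothetical, and it assumes the ladon evaluation rule of default deny with deny overriding allow, with * matching any run of characters.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Policy is a simplified stand-in for one policy statement, not the perm package's type.
type Policy struct {
	Subjects, Actions, Resources []string // who, what, something ("*" is a wildcard)
	Allow                        bool     // able: true = allowed, false = denied
}

// matches reports whether any pattern fits any value; "*" means any run of characters (assumed).
func matches(patterns []string, values ...string) bool {
	for _, p := range patterns {
		re := regexp.MustCompile("^" + strings.ReplaceAll(regexp.QuoteMeta(p), `\*`, ".*") + "$")
		for _, v := range values {
			if re.MatchString(v) {
				return true
			}
		}
	}
	return false
}

// Allowed is default-deny with deny-overrides: any matching deny policy refuses the request.
func Allowed(ps []Policy, subjects []string, action, resource string) bool {
	ok := false
	for _, p := range ps {
		if matches(p.Subjects, subjects...) && matches(p.Actions, action) && matches(p.Resources, resource) {
			if !p.Allow {
				return false
			}
			ok = true
		}
	}
	return ok
}

// Constructed sample policies: both roles manage user_management, but admin may not ban.
var sample = []Policy{
	{Subjects: []string{"admin", "super_admin"}, Actions: []string{"*"}, Resources: []string{":presets:user_management:*"}, Allow: true},
	{Subjects: []string{"admin"}, Actions: []string{"ban"}, Resources: []string{":presets:user_management:users:*"}, Allow: false},
}

func main() { fmt.Println(Allowed(sample, []string{"admin", "super_admin"}, "ban", ":presets:user_management:users:1:")) }
```

A request carrying both roles is refused for ban because the deny policy matches one of its subjects, so a deny written for a lower role also applies to users who hold that role alongside a higher one.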
Context - Condition
Optional.
The current context, containing condition information about the resource.
Use ContextFunc to set the context:
Policy uses Given to set conditions:
Custom Action
Let's say there is a button on the User detail page used to ban the user, and only super_admin users have permission to execute this action.
First, create a verifier
Then inject this verifier into the relevant logic, such as
- whether to show the ban button.
- validating permission before executing the ban action.
Finally, add policy
Example
Debug
prints permission logs which is very helpful for debugging the permission policies: