#yada
2017-04-18
danielcompton 18:04:01

I'm looking at Yada RBAC, and trying to figure out if I can use it for a multi-tenant application with permissions the user assigns to resources?

danielcompton 18:04:21

It seems like that may be better as ABAC?

danielcompton 18:04:57

e.g. there are dynamic folders that users can create and they can give other users different levels of permissions on the folder

danielcompton 18:04:33

I could do something like #{:folder-1-get :folder-2-write}, but that seems a bit of a code smell

dominicm 18:04:29

Not sure I understand the question @danielcompton, but it's pretty simple to define your own authorization functions 🙂

dominicm 18:04:39

You may find that a declarative model springs out quickly.

vijayakkineni 19:04:33

Hi All, how can I get the JSON body as an input stream rather than a map inside a resource function?

danielcompton 19:04:03

yeah I think my own authz functions will be simplest

danielcompton 20:04:33

My experience learning Bidi routing

malcolmsparks 20:04:36

Lisp programmers seem to cope with nested parentheses, but nested brackets is an entirely new concept.

dominicm 20:04:38

@vijayakkineni you can access the plain req in the ctx under the :request key (or something similar). You could also disable the JSON multimethod so it did no parsing!

dominicm 20:04:50

What's your use case out of curiosity?

vijayakkineni 20:04:20

@dominicm thank you, I just wanted to get hold of the raw input stream and pass it on to protobuf. Didn't want an additional step of map conversion.

dominicm 20:04:16

@vijayakkineni Makes sense. Yeah, it's tucked in the request. Might be a more standard place to get it; I'd check the impl of the JSON handler in yada (I'm on mobile). You might be interested in yada/lean.

vijayakkineni 20:04:04

sure, thank you.

malcolmsparks 20:04:39

@danielcompton ABAC is the default in yada. Look at the order of interceptors. Authentication comes first; that step establishes the veracity of the request's credentials independent of the resource targeted. You could also perform RBAC in this step to prevent further progress through the interceptor chain. The next step is that the resource's properties are loaded. This is possibly expensive, as it may require a database visit or equivalent. Then the authorization step happens. This can utilize the properties loaded in the previous step to restrict access, which allows for ABAC schemes.

malcolmsparks 20:04:31

Blog articles explaining the above in detail are in the pipeline.

danielcompton 22:04:05

@malcolmsparks in https://juxt.pro/blog/posts/yada-authentication.html?access-token=mellon, it says: > (You can return anything you like in this map, but the default RBAC authorization implementation uses the :roles entry to compare against the declared :authorization entry in the resource, so in this case we return a set of roles: #{:user}

danielcompton 22:04:12

so I assumed RBAC was the default

danielcompton 22:04:24

but I understand what you mean about combining in ABAC