rushitote opened a new pull request #4710: URL: https://github.com/apache/apisix/pull/4710
### What this PR does / why we need it: <!--- Why is this change required? What problem does it solve? --> <!--- If it fixes an open issue, please link to the issue here. --> fix: #4674 This PR adds an authorization plugin: `authz-casbin` to APISIX. This is based on Lua Casbin which is the Lua implementation of Casbin library. The plugin supports enforcement of powerful authorization scenarios based on various access control models supported by Casbin. The plugin works on the basis of a model file and a policy file. The model acts as a configuration for the policies and policy enforcement. The plugin currently also supports direct model/policy text in absence of files through plugin metadata. An example of authz model is: ```conf [request_definition] r = sub, obj, act [policy_definition] p = sub, obj, act [role_definition] g = _, _ [policy_effect] e = some(where (p.eft == allow)) [matchers] m = (g(r.sub, p.sub) || keyMatch(r.sub, p.sub)) && keyMatch(r.obj, p.obj) && keyMatch(r.act, p.act) ``` And example of authz policy is: ``` p, *, /, GET p, admin, *, * g, alice, admin ``` This means that any user (subject) can access the homepage which is at `/` via `GET` request but only admins can a access other pages and use other request methods. And here, as defined in policy `alice` has a role as `admin` and hence she has admin access. ### Pre-submission checklist: * [x] Did you explain what problem does this PR solve? Or what new features have been added? * [x] Have you added corresponding test cases? * [x] Have you modified the corresponding document? * [x] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix/tree/master#community) first** -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
