Welcome everyone! After a long break caused by turbulent events in my life, I finally found time and inspiration to complete the series of articles about access control using Casbin. In this second and final part, we'll dive into practical implementation and look at a specific example of using this powerful library together with my own open-source project Guard.

Despite having limited time for writing technical articles lately, I continued working on tools that can make life easier for Go developers. And today I'm happy to share the results of this work with you.

Introduction

In the previous part, we looked at basic concepts of access control and different approaches to its implementation. Now we'll focus on the practical implementation of a three-level access control system using Casbin.

Open-source project "Guard"

Guard is a library that simplifies working with Casbin in Go projects and provides a convenient interface for implementing access control.

Code on Github

https://github.com/uagolang/guard

<aside> ⚠️

If you want to contribute: add new factories, found bugs, etc. - welcome!

</aside>

So, Guard provides its own factory for creating multi-level authorization, which significantly simplifies working with Casbin in Go. This implementation covers most typical use cases.

Additionally, Guard allows creating custom authorization implementations through the Factory interface:

type Factory interface {
    Scope(data ScopeData) Scope
    SubjectUser(id string) Subject
    SubjectRole(tenantID, id string) Subject
    SubjectGroup(tenantID, id string) Subject
    Object(s Scope, p Perm) Object
    GroupPolicy(sub, role Subject) GroupPolicy
    PolicyFromCasbin(p []string) (Policy, error)
    RolePolicyFromCasbin(p []string) (RolePolicy, error)
    RolePoliciesFromCasbin(p [][]string) ([]RolePolicy, error)
    GroupPolicyFromCasbin(p []string) (GroupPolicy, error)
}

This interface provides the ability to:

• Create custom scopes to limit access context
• Define different types of subjects: users, roles, and groups
• Configure access objects and their policies
• Convert Casbin rules to Guard format and vice versa

Thanks to this flexibility, you as developers can adapt Guard to your project's specific needs while maintaining all the benefits of using Casbin.

Usage Example

Let's look at an example of using Guard. Just go to the guard/examples/tenant/main.go file and review it: