Casbin poc 2 -Alternate UI and db schema option

[deepaksftc]

Description

#1410 is the main proof of concept for implementing Casbin in UOP. This POC covers an alternate approach for permissions management page UI and db schema from that of one covered in Casbin POC.

Motivation

Casbin would require a 'casbin_rule' table/view to do its internal logics, in which we have only limited columns with not-so user friendly naming. In the main Casbin POC PR, we have explored the option of storing the policies in JSON format within another table 'casbin_conditions' and then reference it in 'casbin_rule' default table. In this PR, we have tried to explore the possibility of having 'casbin_rule' as a view and have a more user friendly table 'policies' which can be mapped one to one from the fields in permissions management page table. The script for creating the 'casbin_rule' view will handle the conversion logic to transform the columns in 'policies' table to casbin required format which is needed for 'casbin_rule'. This could help us to avoid the conversion part of transforming to/from the JSON format while we need to get/save the individual attributes for a particular policy and could also increase the performance for each backend calls.

It covers the following use cases:

1. Alternate UI design for permissions management page
2. Alternate db schema

Use cases

Database

1. Added 'policies' table where,

   • we can have separate column for each policy attributes and its operators
   • we can have N number of policy attributes
   • the fields are mapped directly from the permissions management page table
   • the fields can be fetched directly from the DB for a particular role-resource-action combination, which can be used for populating filters before actual db call.

2. Created a view which will transform the attributes and operators in 'policies' table to casbin required model. This view will just be used by casbin for its internal access checks.

Permissions management Page

1. Added a permissions table to set permissions at attribute level

2. While creating/updating a permission, we get an option to choose the attribute values from pre loaded drop down list. (Only fetch permissions in implemented in this POC. Create and update not implemented yet)

3. We can have multiple values for any attribute, which could be accompanied by an operator value to decide if it's a AND /OR.

4. Conditions that doesn't fit in to any of the attribute columns can be added as a condition in condition filter

[Scott-James-Hurley]

cool stuff

[yoganandaness]

@Scott-James-Hurley @simonfernandes @deepaksftc Thanks for the insightful work. As of now, the stakeholders are reviewing at the current implementation of Dynamic Roles using tags. Until we have a decision from them, the POC's of Casbin and Casl can stay here as is.

If there is a decision to go with Advanced dynamic roles, these POCs are going to be a GEM.

Thank you again.