-
|
I would like to change roles/permission from a Rest API. Currently, it seems that The tables used to manage permissions could use hard-coded roles like "SuperAdmin" or "God" for example, but if user X wants to create group Y and allow resource Z to be read by that group, it would need to be coded inside the schema, right? Think phpBB or Wordpress permission system I guess. I can create group, assign permission and voilà. Can someone enlighten me on how I can recreate such AC with ZenStack? Or is it simply impossible? Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
Hi @Extarys , Could you check if this zmodel is close to what you want? https://github.com/zenstackhq/sample-todo-nextjs/blob/main/schema.zmodel It's a multi-tenant Todo app, in which users can create groups, and invite members and set roles to them. The roles control how they can manage members, but it can be extended to determine permissions on resources as well (e.g., |
Beta Was this translation helpful? Give feedback.
-
|
Hi, sorry for the delay. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @Extarys , We've recently created a set of sample ZModels for common authorization patterns. Could you check if the RBAC sample is close to your needs? The roles are dynamic. It lacks a Group layer but that can be easily added. https://github.com/zenstackhq/authz-modeling-samples/tree/main/samples/simple-rbac |
Beta Was this translation helpful? Give feedback.
-
Btw the companion blog post is here: https://zenstack.dev/blog/model-authz |
Beta Was this translation helpful? Give feedback.
Hi @Extarys ,
We've recently created a set of sample ZModels for common authorization patterns. Could you check if the RBAC sample is close to your needs? The roles are dynamic. It lacks a Group layer but that can be easily added.
https://github.com/zenstackhq/authz-modeling-samples/tree/main/samples/simple-rbac