#does anybody understand oso


smoky matrix
#

I'm not familiar with it, but it seems to be another language

#

Bet we could figure something out

tropic valley
#

I will notify you when I'm at my laptop

tropic valley
#

i have set up a test controller with the osoService implemented
and made a basic .polar file like this

allow(user: User, "read", account: Account) if
  user matches User and
  account.uid = user.id;

and applied the @OsoClass() on my User and Account class
first problem is even when that decorator is applied

oso still does not recognize User and Account class
when i try to test it out

tropic valley
#

i have this dto schema like this

export class User implements prismaUser {
  @IsInt()
  id: number;
  @IsAlpha()
  @Length(2, 20)
  firstName: string;
  @IsAlpha()
  @Length(2, 20)
  lastName: string;
  @IsEmail()
  email: string;
  @IsStrongPassword({
    minLength: 8,
    minLowercase: 1,
    minUppercase: 1,
    minNumbers: 1,
    minSymbols: 1,
  })
  password: string;
  role: Role;
  @IsMimeType({
    groups: ['image/jpeg', 'image/png'],
  })
  avatar: string;
  @IsDate()
  createdAt: Date;
  @IsDate()
  updatedAt: Date;
}

and tried to apply the @OsoClass() decorator to it but still not working

prismaUser is a rename of what the name implies
prisma...

still agate
#

@tropic valley I'm not that familiar with Oso.
But did you define your actors and resources?

#

These parts of the oso doc

#

This part seems to be taken care of by the decorator

#

From the nestjs-oso repository.
oso.service.ts file

tropic valley
#

getting somewhere
but i have the feeling the actor that is defined needs to be populated but with what is the question
there is nothing in the docs about it, nor a sample either

tropic valley
#

so... what now?

tropic valley
#

this .polar keeps returning false and idk why

allow(actor, action, resource) if
  has_permission(actor, action, resource);

actor User {}

resource Account {
  permissions = ["read", "push", "delete"];
  roles = ["user", "maintainer", "admin"];

  "read" if "user";
  "push" if "maintainer";
  "delete" if "admin";

  "user" if "maintainer";
  "maintainer" if "admin";
}

has_role(actor: User, role_name: String, repository: Account) if
  role_name = actor.role and
  repository = "account";

the controller

@Get('test')
async test() {
  const user = await this.userService.findById(2);
  const account = await this.accountService.findById(2);
  return await this.osoService.isAllowed(user, 'read', account); // false
  // return account.uid === user.id;
}

tropic valley
#

change that, i can bet you are the only one here that can help me at this point
have been stuck on this for days now