#CASL. Isomorphic Authorization JavaScrip...
Hi @dire crescent, to achieve what you described, you can utilize the Subject Permission List (https://docs.permify.co/api-reference/permission/subject-permission) endpoint. This endpoint allows you to query permissions in the form of "Which permissions can user:x perform on entity:y?". The response you receive will list the permissions specific to the user for the given entity, returned in the format of a map.
Here's how you can use it:
```go
// Ask which permissions user:1 holds on repository:1 in tenant t1.
cr, err := client.Permission.SubjectPermission(context.Background(), &v1.PermissionSubjectPermissionRequest{
	TenantId: "t1",
	Metadata: &v1.PermissionSubjectPermissionRequestMetadata{
		SnapToken:      "",
		SchemaVersion:  "",
		OnlyPermission: false,
		Depth:          20,
	},
	Entity: &v1.Entity{
		Type: "repository",
		Id:   "1",
	},
	Subject: &v1.Subject{
		Type: "user",
		Id:   "1",
	},
})
```
In the response, you will receive a map of permissions and their statuses directly. The structure is map[string]CheckResult, such as "sample-permission" -> "ALLOWED". This represents the permissions and their associated states in a key-value pair format.
This approach allows you to dynamically adjust your UI components based on the user's permissions by fetching this permissions map and using it to conditionally render UI elements.
Let me know if this doesn't cover your needs.
@sharp turtle Thank you for the quick response! The way I understand it, with the Subject Permission List API you can only pass 1 entity, so if you wanted to check, let's say, 10 entities, you would need to call the API endpoint 10 times. Am I understanding this correctly?
Yes, it's correct. The Subject Permission List endpoint allows you to inquire about the permissions a subject (user:x) can perform on a single entity (entity:y) at one time. If you want to check permissions across multiple entities, you indeed need to make separate API calls for each entity.
Does this create a problem on your side? If so, maybe we could enhance this to be able to handle bulk operations.
I think for now, I can get away with this as my entity list is small, but as it grows it would be needed.
I think if there was a bulk operation to do this it would be absolutely amazing. I'm operating in a high security environment and I think there would be some invaluable features I could build for our use cases if I could get access to that information up front.
For example, being able to see, in a node graph view, or something like "x amount of users will have access to this resource if you apply these permissions", or which users will have access to a resource if I add a permission.
But in this case, @react/casl would need all the subject permission lists up front.
Makes sense. We can add the feature we discussed to our roadmap. Also, we'd love to learn more about your use case as well as your feedback for potential features that might help to improve our product. Would you be against a quick call next week, at your availability, to discuss these?
@sharp turtle Would love to hop on a call!
Hi @dire crescent, here is our calendar: https://calendly.com/d/cj79-kyf-b4z