Casbin: an authorization library that supports access control models like ACL, RBAC, ABAC

[Yang Luo]

Hi there,

casbin (https://github.com/casbin/casbin) is a powerful and efficient open-source access control library for Golang projects. It provides support for enforcing authorization based on various models. By far, the access control models supported by casbin are:

1. ACL (Access Control List)
2. ACL with superuser
3. ACL without users: especially useful for systems that don't have authentication or user log-ins.
4. ACL without resources: some scenarios may target for a type of resources instead of an individual resource by using permissions like write-article, read-log. It doesn't control the access to a specific article or log.
5. RBAC (Role-Based Access Control)
6. RBAC with resource roles: both users and resources can have roles (or groups) at the same time.
7. ABAC (Attribute-Based Access Control)
8. RESTful

Features

What casbin does:

1. enforce the policy in the classic {subject, object, action} form or a customized form as you defined.
2. handle the storage of the access control model and its policy.
3. manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC).
4. support built-in superuser like root or administrator. A superuser can do anything without explict permissions.
5. multiple built-in operators to support the rule matching. For example, keyMatch can map a resource key /foo/bar to the pattern /foo*.

What casbin does NOT do:

1. authentication (aka verify username and password when a user logs in)
2. manage the list of users or roles. I believe it's more convenient for the project itself to manage these entities. Users usually have their passwords, and casbin is not designed as a password container. However, casbin stores the user-role mapping for the RBAC scenario.

Installation

go get github.com/casbin/casbin

Please advise, raise your issues and star, thanks!