Thanks for the reply. I suppose as I’m currently trying to implement permissions I’m stuck wondering if Redwood becomes opinionated about this, will my solution clash with CASL if that becomes the standard? Right now, I know of 3 different ways to do this and I’m not sure which route to pick:
or a library like CASL or Casbin, as you mentioned.
const sub = 'alice'; // the user that wants to access a resource.
const obj = 'data1'; // the resource that is going to be accessed.
const act = 'read'; // the operation that the user performs on the resource.
// Async:
const res = await enforcer.enforce(sub, obj, act);
// Sync:
// const res = enforcer.enforceSync(sub, obj, act);
if (res) {
// permit alice to read data1
} else {
// deny the request, show an error
}
const roles = await enforcer.getRolesForUser('alice');