RBAC how-to?

In robotics, it's common to have monitor, operator and admin roles. Is there a good how-to on how to set this up?
6 Replies
martinsos
martinsos16mo ago
We are planning to add RBAC/ABAC support to Wasp in the future, so it comes with it already built-in, since it is such a common feature, but at the moment the best solution is to do it on your own. You could do something simple, such as add role field into the User entity (or whatever entity you are using as the "user" entity), and then check the role at appropriate place in your queries/actions. There are also libraries that might be helpful with this instead of rolling it all on your own, like https://casl.js.org/v5/en/ .
CASL. Isomorphic Authorization JavaScript library
CASL (pronounced /ˈkæsəl/, like castle) is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access. It's designed to be incrementally adoptable and can easily scale between a simple claim based and fully featured subject and attribute based authorization. It makes it easy to manage and shar...
Chris Paliqaw
Chris PaliqawOP16mo ago
understood. Can't wait for the built-in RBAC!
MEE6
MEE616mo ago
Wohooo @Chris Paliqaw, you just became a Waspeteer level 1!
martinsos
martinsos16mo ago
Same here! I am pretty excited about it, the main thing that postponed that effort is that we wanted to integrate it really well with Entities in Wasp, validation, ... -> and for that, we need yet to first upgrade some features on that side to a higher level. So it is all part of a bigger picture, but we are consistently building toward it, and it will be very existing once it all clicks together!
Chris Paliqaw
Chris PaliqawOP16mo ago
Do you have a time frame for RBAC?
martinsos
martinsos16mo ago
Nothing fixed yet, as it needs us to progress on a couple of other fronts. Optimistically, I would love it to happen in the next 6 months. Realistically, it might take longer till we get to it. But I am confident we will do it because it is quite a valuable feature that I think Wasp is in a great position to implement well.
Want results from more Discord servers?
Add your server