I use Casbin as the authorization library for my REST API, written in Go.
To load the policy from my Mongo database, I use the MongoDB Adapter.
A single policy Mongo document looks like this:
    {
        "_id": {
            "$oid": "639491f73e4c9bec05a1d1ec"
        },
        "ptype": "p",
        "v0": "admin",
        "v1": "laptops",
        "v2": "read",
        "v3": "",
        "v4": "",
        "v5": ""
    }
In my business logic, I validate if the user can access (read) laptops:
    // Resolves to true
    if can, _ := e.Enforce(user, "laptops", "read"); can {
        ...
    }
This works fine.
The problem now is that when I delete the policy document, I would expect that I'm not allowed to access laptops anymore. This is only the case when I restart my application.
Thus, it appears that the Enforce checks are not being evaluated in real time.
As a workaround, I could call the LoadPolicy method as soon as the request comes in, but this looks like a dirty hack to me.
I would really appreciate some help / suggestions.
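
Casbin's Enforce decides from the policy the enforcer loaded into memory, which is why a document deleted directly in MongoDB stays effective until a reload. The following added example (not part of the original post, and not Casbin's code) models that with standard-library Go only; `store`, `enforcer`, `maxAge` and `revocationWindow` are hypothetical names, and the age-bounded reload is an assumed mitigation that caps how long a revoked permission survives.

```go
package main

import (
	"fmt"
	"time"
)

// rule mirrors the v0/v1/v2 fields of a "p" policy document.
type rule struct{ sub, obj, act string }
// store is a hypothetical in-memory stand-in for the MongoDB policy collection.
type store map[rule]bool

// enforcer decides from a snapshot taken at load time (not goroutine-safe).
type enforcer struct {
	src, snap store
	loadedAt  time.Time
	maxAge    time.Duration // 0 means load once and never refresh
}

func (e *enforcer) reload(now time.Time) {
	e.snap = make(store, len(e.src))
	for r := range e.src {
		e.snap[r] = true
	}
	e.loadedAt = now
}

// enforce refreshes a snapshot older than maxAge, then decides from it.
func (e *enforcer) enforce(now time.Time, sub, obj, act string) bool {
	if e.maxAge > 0 && now.Sub(e.loadedAt) >= e.maxAge {
		e.reload(now)
	}
	return e.snap[rule{sub, obj, act}]
}

// revocationWindow deletes the rule at t0, returns decisions 1s and 6s later.
func revocationWindow(maxAge time.Duration) (at1s, at6s bool) {
	t0 := time.Unix(0, 0)
	db := store{{"admin", "laptops", "read"}: true} // constructed sample policy
	e := &enforcer{src: db, maxAge: maxAge}
	e.reload(t0)
	delete(db, rule{"admin", "laptops", "read"}) // out-of-band delete
	return e.enforce(t0.Add(time.Second), "admin", "laptops", "read"),
		e.enforce(t0.Add(6*time.Second), "admin", "laptops", "read")
}

func main() {
	fmt.Println(revocationWindow(0))               // true true
	fmt.Println(revocationWindow(5 * time.Second)) // true false
}
```

With Casbin itself, the same bound comes from calling the LoadPolicy method mentioned above on a timer rather than on every request; the reload interval is then the longest a deleted permission can remain in force.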