Prefered way to use casbin in a web framework with lots of users?

[akhilmhdh]

Hey there,

We were going through casbin for our new permission system, and loved the features it provides. But one thing that has been bothering us is the policies.

So each user in an organization will add their contribution to policies in one way or another, and the policies will keep on growing.

We went through the code and saw that, most of the examples use LoadPolicy which loads up the entire db into into in memory.

Then there was LoadFilteredPolicy which LazyLoad. We wanted to use LoadFilteredPolicy but the major doubt is can we create an enforcer instance per request.

That is

1. A request comes in -> Using a middleware create a FilteredPolicy enforcer which could be for a domain like org or user
2. This will be used just that request context.
3. Repeat for next request. Use caching to save number of db hits

We know the express-authz, and other framework integrations are provided by the amazing casbin team. But all those does loadPolicy. Read other similiar Github Issues but still didn't had proper answer on the filtered part. Sorry if we missed any important thread or documentation.

Same happened inside documentation, policy subset loading did ans this loading feature, but then how would you save to db without loading entire database.

Thank you