flask-authz icon indicating copy to clipboard operation
flask-authz copied to clipboard

Published 20 hours ago verified publisher icon pycasbin

Support setting Owner Username for Audit logging when using owner_loader

Open daobeng opened this issue 3 years ago • 3 comments

when using owner_loader instead of 'CABSIN_OWNER_HEADERS' (request headers in general), there seems to be no way to set the owner's username for audit logging. Can we provide support for setting an owner name when using owner_loader preferably outside of request headers?

daobeng avatar Jun 08 '21 19:06 daobeng

@jessecooper @dfresh613

hsluoyz avatar Jun 10 '21 05:06 hsluoyz

Definitely seems like we should audit the enforce attempts for owner_loader in the same way we do for headers.

Seems like a pretty straightforward re-factor:

  • extract calls of self.e.enforce from casbin_enforcer.py into a separate function try_enforce
  • try_enforce method can consistently log audit messages without duplicating log code

We encourage PRs for improvements like this. If this is a feature that will benefit your use case, maybe you can take a shot at it @daobeng

dfresh613 avatar Jun 10 '21 22:06 dfresh613

@Nekotoxin

/cc @leeqvip

hsluoyz avatar Aug 28 '22 14:08 hsluoyz

@daobeng Hello, you can try to set username as follow to resolve the problem. image

Nekotoxin avatar Sep 03 '22 12:09 Nekotoxin

Closed as resolved

hsluoyz avatar Sep 03 '22 12:09 hsluoyz