How dose g(r.sub, p.sub) work?

[txjjjjj]

m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act 
# defines the workflow of authorization:
1. check user's role 
2. check the resource which user is trying to access
3. check the action of user.

can u explain how dose this 1. check user's role work ?
why should we pass r.sub and p.sub info g() when we check if a user belongs to a group?
if a user do not belong to a group just return faild?

[maxwellhertz]

m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act 
# defines the workflow of authorization:
1. check user's role 
2. check the resource which user is trying to access
3. check the action of user.

can u explain how dose this 1. check user's role work ?
why should we pass r.sub and p.sub info g() when we check if a user belongs to a group?
if a user do not belong to a group just return faild?

Hi, mmaotai. I haven't dived into the source code of Casbin yet but my instinct tells me that you're right.

[hsluoyz]

@mmaotai you are right. See the docs: https://casbin.org/docs/en/rbac

[txjjjjj]

@mmaotai you are right. See the docs: casbin.org/docs/en/rbac

I have to say, its documents are really unfriendly.

It's a great tool,
Can you write the document and the case more clearly?

[hsluoyz]

@mmaotai can you describe which part of docs needs to be improved.