by Ideabile 1887 days ago
Usually I’m not a detractor, but recently we evaluated Casbin and I would not recommend anybody to use it.

Some factors were merely psychological, such as mistrust due to misleading partners listed on the website that should use the lib.

For instance, one logo is the one of SpaceX, which sadly is just a user group, nothing official. Another mention is Google, for which I didn’t find any relevant code that gives a hint that Casbin is used by Google in production.

Someone mentions shortcuts in the code; well, I didn’t get the time to find all the notes again.

But we found several bugs, mainly in the implementations, that led us to look somewhere else.

We ended up with CASL.

That doesn’t mean that I don’t like to use Casbin, but it already cost me too much time debugging.

But let me leave with a disclaimer for a later me:

Code mutates like nature does; what might be true today might be false tomorrow and vice versa, and if you got the time to improve it, just use it.

Don’t get bent by this mere opinion; just investigate and form your own, and always give a second chance, because time changes everything, and sometimes nothing changes.

Agree. I ended up going with https://www.openpolicyagent.org/ - it's way, way, way easier to use and integrate with. Policies read better. They're easier to write. They're individually unit testable. The API for OPA is better. Generally I'd recommend OPA over casbin in a heartbeat.
What other solutions did you look at?
OPA, Casbin, Keto (ORY), CEL from Google.
I also evaluated it and implemented an ABAC system for our Node.js app with Casbin in a day. The tooling wasn’t perfect and I probably took a shortcut or two, but I didn’t see any red flags that’d actively make me recommend others not use it, so I’m interested in what you found.
Can you enumerate why no one should use it?
We gave it a try, but got rid of it because we couldn't make it perform well for our use case. This was quite specific to the implementation and matcher that we used (pycasbin + keyMatcher); having just a few thousand rules ruined our API response times.