Monday, 9 July 2018

[Question] I'm trying to make an RBAC from scratch in Node.js... but I'm stuck.

[Status] - Unresolved

Details: No, I don't want to use an RBAC library.

Ok, so based on all the research so far, I've come down to this. (assuming each model has an autogenerated ID)

    UserModel:
        ...
        roles: []

    RolesModel
        _id: (autogenerated)
        roleID: Number (ex: SuperAdmin = 0, Admin = 1, Mod = 2, User = 3)
        permissions: [object array of permissions]

    Permission Model
        operation: [ex: anything falling under CRUD]
        resource: String (ex: blog_post)

    Operation Model
        operationID: (CRUD = 0, 1, 2, 3 respectively)
        name: String (ex: create)

    Resource Model
        _id: (autogenerated)
        name: String (ex: blog_post)

Let's say I made a /createPost route and only SuperAdmin, Admin, and Mod can POST to it.

    route.POST('/createPost', is('superadmin', 'admin', 'mod'), function(req, res) {
        //the goods to check, create, and save post to db
    });

In this case, my RBAC middleware function: is(). So the model translation is "SuperAdmin, Admin, and Mod has the permission to perform the operation (which is to CREATE) on the resource (which is [a] 'blog_post')."

The Thing I'm Stuck On

How do I correlate the ResourceModel.name to the route? Like... how does the program know that this resource "blog_post" is actually the route we're in? I'm not sure if you understand me, but this is the best I can do to explain the predicament I'm in :'( ... like how does it know this "blog_post" label is actually for the specified route and not just any other route?

Submitted July 09, 2018 at 08:41AM by ewliang
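
One way to tie a resource label to a route, as an added example that is not part of the original post: the route names its operation and resource when the middleware is attached, so nothing has to be inferred from the URL. `can()`, `statusFor()`, the role names stored in `user.roles` and the permission sets are assumptions made for the illustration.

```javascript
// Constructed data shaped like the post's models; the permission sets are assumptions.
const OPERATIONS = { create: 0, read: 1, update: 2, delete: 3 };
const perm = (op, resource) => ({ operation: OPERATIONS[op], resource });
const ROLES = new Map([
  ['superadmin', { roleID: 0, permissions: [perm('create', 'blog_post'), perm('read', 'blog_post'), perm('delete', 'blog_post')] }],
  ['admin', { roleID: 1, permissions: [perm('create', 'blog_post'), perm('read', 'blog_post')] }],
  ['mod', { roleID: 2, permissions: [perm('create', 'blog_post'), perm('read', 'blog_post')] }],
  ['user', { roleID: 3, permissions: [perm('read', 'blog_post')] }],
]);

// Hypothetical middleware factory: the route declares which operation on which
// resource it performs, so the resource name is tied to the route at registration.
function can(operationName, resourceName) {
  if (!Object.prototype.hasOwnProperty.call(OPERATIONS, operationName)) {
    throw new Error(`unknown operation: ${operationName}`); // fail at startup, not per request
  }
  const operation = OPERATIONS[operationName];
  return function guard(req, res, next) {
    // Assumption: req.user.roles holds role names set by an earlier auth step.
    const roleNames = (req.user && Array.isArray(req.user.roles)) ? req.user.roles : [];
    const allowed = roleNames.some((name) => {
      const role = ROLES.get(name); // unknown role names grant nothing
      return role !== undefined && role.permissions.some(
        (p) => p.operation === operation && p.resource === resourceName);
    });
    if (!allowed) return res.status(403).json({ error: 'forbidden' });
    return next();
  };
}

// With Express this would read: router.post('/createPost', can('create', 'blog_post'), handler)
const createPostGuard = can('create', 'blog_post');
const deletePostGuard = can('delete', 'blog_post');

// Minimal stand-in for an HTTP request so the guard can be exercised offline.
function statusFor(guard, user) {
  let status = 200;
  const res = { status(code) { status = code; return this; }, json() { return this; } };
  guard({ user }, res, () => {});
  return status;
}

console.log(statusFor(createPostGuard, { roles: ['mod'] }));
console.log(statusFor(createPostGuard, { roles: ['user'] }));
console.log(statusFor(deletePostGuard, { roles: ['admin'] }));
```

The guard denies by default: a missing user, an empty role list, or a role name that is not in the table all end in a 403.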
