如何在sails.js中创建动态策略
[英]How to create dynamic policies in sails.js
问题描述
I have been working on a project where i need to create and assign policies according to access rights/levels to user in sails.js 
我一直致力于一个项目,我需要在sails.js中根据访问权限/级别创建和分配策略
Each user can access all levels below his level, like admin has an level 9 and he can access all levels below level 9 每个用户都可以访问低于其级别的所有级别,例如admin具有级别9,并且他可以访问级别9以下的所有级别
Currently in sails all policies are stored in 目前在风帆中存储所有策略
api/policies
folder and are assigned to controller in 文件夹并分配给控制器
config/policies.js
module.exports.policies = {
UserController: {
"create": ['canCreate'],
"list": ['canRead'],
"show": ['canRead'],
},
AuthController: {
'*': true,
}};
My Question is how can i make dynamic policies based on access levels coming in from db 我的问题是如何根据db中的访问级别制定动态策略
I have googled it but found nothing on how to create dynamic policies in sails.js, so posting here. 我已经google了它,但没有发现如何在sails.js中创建动态策略,所以发布在这里。
Appreciate your help on this. 感谢您对此的帮助。
Thanks 谢谢
4 个解决方案
解决方案1
2 已采纳 2015-04-21 13:30:59
Check out sails-permissions . 查看sails-permissions 。
Comprehensive user permissions and entitlements system for sails.js and Waterline.
解决方案2
1 2015-04-21 14:40:27
A simple method would be to create a policy for each access level. 一种简单的方法是为每个访问级别创建一个策略。
policies/level01.js policies/level02.js ect . policies / level01.js policies / level02.js等。 . 。 . 。
your policy file will check their session/token to make sure they meet the criteria of that policy. 您的策略文件将检查其会话/令牌,以确保它们符合该策略的条件。
policies/level01.js 政策/ level01.js
module.exports = function(req,res,next){
if(req.session.accessLevel = 1) return next();
return res.forbidden();
}
Then in your config 然后在你的配置中
module.exports.policies = {
UserController: {
"create": ['policyXX.js'],
"list": ['policyXX.js'],
"show": ['policyXX.js'],
},
AuthController: {
'*': true,
}};
Start with something like this that can familiarize with out these policies work and build up from there. 从这样的事情开始,可以熟悉这些政策的工作,并从那里建立起来。 It is always very important to know and understand exactly how your security works. 了解并准确理解您的安全性如何工作始终非常重要。
解决方案3
1 2015-04-21 16:09:48
The solution of @Travis Webb is a nice one. @Travis Webb的解决方案很不错。 You also can create model roles and a model permission linked by relations (one to many, many to many ....) as you wish and then filter them with a policy like that: 您还可以根据需要创建模型角色和由关系链接的模型权限(一对多,多对多....),然后使用以下策略过滤它们:
Example: 例:
module.exports = function isAdmin (req, res, next) {
if (typeof req.session.User != "undefined") {
User.findOne(req.session.User.id).populate('roles').exec(function(err,user){
if(err) return res.forbidden('You are not permitted to perform this action.');
if(!user) return res.redirect('/user/new');
for(var i in user.roles){
if(user.roles[i]['name'] == 'ROLE_ADMIN'){
return next();
}
}
return res.redirect('/user/show/'+req.session.User.id);
});
} else {
return res.redirect('/session/new');
}
};
Best Regards 最好的祝福
解决方案4
0 2017-02-22 22:44:09
A year and a half later, if someone runs into this, sails-must seems like a nice solution for this. 一年半之后,如果有人遇到这个问题,那么风帆似乎是一个很好的解决方案。
RabbitController: {
nurture: must().be.a('rabbit').mother,
feed: [must().be.nice.to('rabbits'), must().have('rabbit').food]
},
Disclaimer: I have not used it myself. 免责声明:我自己没有用过它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.