
How to implement permissions on routes and functions in Sails.js?

I'm new to Sails and I have a PostgreSQL database. I want to implement user management. I have some users; each user can be assigned to multiple groups, each group can be assigned to multiple roles, and each role can have some permissions. I checked the documentation for sails permissions but I didn't get it well. For example, I want some groups not to be able to add or edit users, or I want some roles not to be able to see the user management menu. What should I do?

I may be a little late to post an answer here, but there is a way available for access control in Sails.

Sails has a built-in policy-based access control system.

  1. Policy

Policies in Sails are designed for controlling binary ("yes or no") access to particular actions. They work great for checking whether a user is logged in or for other simple "yes or no" checks, like whether the logged in user is a "super admin".

But for dynamic permissions,

  2. Helpers

Link to the documentation for helpers: access-control-and-permissions

For more complex permission schemes, like those in which a requesting user agent's access rights depend on both who they are and what they're trying to do, you'll want to involve the database. While you can use policies to accomplish this, it's usually more straightforward and maintainable to use a helper.

One can find an example here: Using helper for access control and permission

So you can use PostgreSQL for storing roles and their respective permissions, and retrieve the user's role and check the permission as needed in a policy/helper.

Sails.js has no ACL management; you have to use third-party middleware, such as role role-acl

Sounds like what's most important is the association of the user to the permission (or role). So you could consider making models for each tier (user, role, group), or you can make a model for each kind of group and/or role (though that sounds like it could get out of hand), and then have the models associated with each other. Then in the view action you can set what the permissions are (aka what groups or roles are allowed to see that page). Also, in the markup you can set who is allowed to even see a button. For example: isSales could be a boolean on your group or roles model for a user that is in sales, and they are allowed to see the edit button to change the price of something. So in your markup you have:

 <div v-if="user.isSales">
  <button> Edit price </button>
 </div>
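
An added example, not part of any answer above and not code from the Sails project: it resolves the question's user → groups → roles → permissions chain and enforces the result server-side in a function shaped like a Sails policy, so that a flag used to hide a button in the markup is backed by a check on the request itself. The in-memory Maps, the permission names, `req.session.userId`, `requirePermission` and `uiFlags` are assumptions made for illustration; in a real app the lookup would be a query against the PostgreSQL models.

```javascript
// Constructed sample data standing in for the PostgreSQL tables (hypothetical schema).
const users = new Map([[1, { groups: ['support'] }], [2, { groups: ['support', 'admins'] }]]);
const groups = new Map([['support', { roles: ['viewer'] }], ['admins', { roles: ['userManager'] }]]);
const roles = new Map([
  ['viewer', { permissions: ['user:read'] }],
  ['userManager', { permissions: ['user:read', 'user:create', 'user:update', 'menu:userManagement'] }],
]);

// Walk user -> groups -> roles -> permissions. Unknown ids contribute nothing,
// so a missing user, group or role always resolves to "deny".
function effectivePermissions(userId) {
  const granted = new Set();
  const user = users.get(userId);
  if (!user) return granted;
  for (const groupName of user.groups) {
    const group = groups.get(groupName);
    for (const roleName of group ? group.roles : []) {
      const role = roles.get(roleName);
      for (const perm of role ? role.permissions : []) granted.add(perm);
    }
  }
  return granted;
}

// Policy factory using the (req, res, proceed) shape of a Sails policy.
// req.session.userId is an assumption about where the login action stored the id.
function requirePermission(permission) {
  return function (req, res, proceed) {
    const userId = req.session ? req.session.userId : undefined;
    if (userId === undefined || userId === null) {
      return res.status(401).json({ error: 'login required' });
    }
    if (!effectivePermissions(userId).has(permission)) {
      return res.status(403).json({ error: 'forbidden' });
    }
    return proceed();
  };
}

// Flags for the view (for example a v-if), derived from the same permission set.
// They only decide what is rendered; the policy above is what blocks the request.
function uiFlags(userId) {
  const granted = effectivePermissions(userId);
  return {
    canEditUsers: granted.has('user:update'),
    showUserMenu: granted.has('menu:userManagement'),
  };
}
```

In a Sails app, each policy would live in its own file under `api/policies/` and be mapped to the user-management actions in `config/policies.js`.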
