glintcms-starter-glintcms
Version:
This is a WebSite implementation with GlintCMS. It shows how you can use GlintCMS.
95 lines (57 loc) • 1.89 kB
Markdown
# page-auth-access
# note
> This Module is part of [glintcms](http://glintcms.com/).
> Please see the [documentation](https://github.com/glintcms/glintcms) for more info.
This is a Role based Authorization Module (or Role Based Access Control aka RBAC).
> Authorization refers to rules that determine who is allowed to do what. E.g. Adam may be authorized to create and delete databases, while Usama is only authorised to read.
it lets you:
- define roles
- define permissions
- assign roles to permissions
- assign user to roles
this gives us the following model:
```
1 n 1 n
user ---- role ---- permission
```
## usage
TODO
## usage notes
- `wrap-layout` it depends on `wrap-layout`, but doesn't have it declared as `dependencies`.
## example definitions
userX.role = 'blogger,translator'
roles: ['admin:super', 'admin', 'editor', 'blogger', 'translator']
permissions: ['view', 'edit', 'edit:blog', 'edit:page', 'add', 'remove', 'manage']
grant: {
superadmin : '*',
admin: '*,-manage',
editor: 'view,edit:*,add,remove',
blogger: 'view,edit:blog,add'
}
## or
role
admin:super can admin
admin can editor
super:admin
# alternative: ressource based access control
var access = require('fort-knox')
access();
## api
#### access(methods, path, role)
example:
access(['GET', 'POST'], '/*/glint/role/*', 'admin:*')
access('POST', '/*/glint/*/*', 'edit:glint')
TODO implement where function
#### access(methods, path, role, where)
example with `where` function:
access(['GET', 'POST'], '/:org/glint/role/:id', 'admin:*', function(param){
return (req.user.id === param.id && req.user.org === param.org);
});
example with `where` object:
access(['GET', 'POST'], '/:org/glint/role/*', 'admin:*', { org: req.user.org});
access.roles
-> saved roles
app.midleware
middleware function
example usage:
app.use(access.middleware())