📜  nodejs 基于角色的访问控制 - Javascript 代码示例

📅  最后修改于: 2022-03-11 15:01:15.691000             🧑  作者: Mango

代码示例1
Possible approach-> have role embedded in user collection/schema: users document shall have the following:

{
    _id : "email@mail.com",
    name: "lorem ipsum",
    role: "MAN"
}
As far as your post describes, only god can make and assign TODOs. Roles Collection may hold the following:

{
    _id : "MAN",
    globalPerm: [],
    privatePerm: [],
    assignedPerm: ["r","u"],
},
{
    _id : "SUPER_HERO",
    globalPerm: [],
    privatePerm: ["c","r","u","d"],
    assignedPerm: ["c","r","u","d"],
},
{
    _id : "GOD",
    globalPerm: ["c","r","u","d"],
    privatePerm: ["c","r","u","d"],
    assignedPerm: ["c","r","u","d"],
}
Node JS Middlewares After getting correct permission values for a user, you might want to use middlewares. Sample express HTTP request route:

app.post('/updateTodo', permissions.check('privatePerm', 'c'), function (req, res) {
 // do stuff
};

permissions.check is called before actually executing function body to update TODO.

Hence if a user tries to update a todo, it will first verify the corresponding permissions.