Skip to content

Instantly share code, notes, and snippets.

@albertosouza

albertosouza/sails-acl-npm-module-proposal.md

Last active February 10, 2016 13:14
Show Gist options
  • Save albertosouza/81bfb2bea761b7b6f5fe to your computer and use it in GitHub Desktop.
Save albertosouza/81bfb2bea761b7b6f5fe to your computer and use it in GitHub Desktop.
Download ZIP
A Sails.js ACL with Roles / permissions configs proposal ... based in sails police
Raw
sails-acl-npm-module-proposal.md

A ⛵ Sails.js ACL proposal ... based in polices

Please help build that feature with ideas 💭 here ... or code and tests here: https://github.com/wejs/sails-acl

How it will work? ...

What dependecies we need in our project?
  • User model - TODO add example link
  • Role model - TODO add example link
  • Permission model - TODO add example link ( for database permissions )
How to plug it?
  • Will be plugged in sails.js polices
  • After passport or other authentication middleware / police ( we need to get current logged in user)
  • And receive:
  • Current: fn(request, response, sails) ( if dont pass the arg sails it will tries to get from the global scope )
Authomatic / Special roles:
  • isAuthenticated
  • iSCreator
How if should work?

In 'get /user/' ( controller: user , action: index) it will check if "get_user_index" permission exists in config:

if "get_user_index" exists it will check if one of the user roles can access it.

else if "get_user_index" dont exist it will check if default get permission exists and use it

else if return res.forbiden(); with one default configurable message or template

What it checks?

First will have one default config for every method ( get, post, put and delete ).

  • It should get current controller, action and Method
  • Get current user Roles
  • Check if one of the logged in user roles has the permission
How to configure it?
  • With sails.js configurations ... TODO
@kristianmandrup
Copy link

kristianmandrup commented Oct 26, 2014

If I get around to wrapping up and completing this project it might be of interest?

https://github.com/kristianmandrup/permit-authorize

Main task is to extract the different pieces and make it more opt-in and configurable as a set of pieces you can assemble as you like to suit your needs...

@tobiasviehweger
Copy link

tobiasviehweger commented Oct 28, 2014

Hey guys,

just found this.. I've also started to create something role based for our project.
It's also very rough around the edges, but I'd really like a discussion about this..
It also plugs into the policies: https://github.com/yasoonOfficial/sails-generate-role

@albertosouza
Copy link
Author

albertosouza commented Nov 11, 2014

Thanks @kristianmandrup and @tobiasviehweger , my friend @saviogl will test this options for use in we.js

@albertosouza
Copy link
Author

albertosouza commented Nov 16, 2014

@marceloboeira , in we.js have some logic and history to keep we.js but the people of the ACL modules can think about it ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment