Please help build that feature with ideas 💭 here ... or code and tests here: https://github.com/wejs/sails-acl
- User model - TODO add example link
- Role model - TODO add example link
- Permission model - TODO add example link ( for database permissions )
- Will be plugged in sails.js polices
- After passport or other authentication middleware / police ( we need to get current logged in user)
- And receive:
- Current: fn(
request,response,sails) ( if dont pass the arg sails it will tries to get from the global scope )
- isAuthenticated
- iSCreator
In 'get /user/' ( controller: user , action: index) it will check if "get_user_index" permission exists in config:
if "get_user_index" exists it will check if one of the user roles can access it.
else if "get_user_index" dont exist it will check if default get permission exists and use it
else if return res.forbiden(); with one default configurable message or template
First will have one default config for every method ( get, post, put and delete ).
- It should get current controller, action and Method
- Get current user Roles
- Check if one of the logged in user roles has the permission
- With sails.js configurations ... TODO
Hey guys,
just found this.. I've also started to create something role based for our project.
It's also very rough around the edges, but I'd really like a discussion about this..
It also plugs into the policies: https://github.com/yasoonOfficial/sails-generate-role