Roles have permissions; permissions map to validator functions.

Example:

```js
function validate(req) {
  if (!req.valid) {
    return false; // should this throw an error?
  }
  return true;
}
```

Validator functions are defined in 3 places and take the following precedence (lowest to highest):

- The default validator just does a string match of the permission name:

```js
'user.get': function validate(req) {
  return permissions[req.role].includes('user.get');
}
```

- Custom validators can be defined in the permission file:

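```js
'user.get9to5': function validate(req) {
  const hour = new Date().getHours(); // local hour, 0-23
  // 9 to 5 means 09:00 up to 17:00 on the 24-hour clock
  return permissions[req.role].includes('user.get') && hour >= 9 && hour < 17;
}
```

- Custom validators can be passed in by the user of the middleware:
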
```js
router.get('/:id',
  permission.middleware(['user.get', 'user.self'], {
    'user.self': function(req) {
      return req.params.id === req.userId;
    }
  }),
  function(req, res, next) {
    // route
  }
);
```
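
A sketch of the precedence lookup described in this issue, added here as an example and not the project's code. It assumes every listed permission must pass and that anything other than a strict `true` (a thrown error included) denies; `check`, `resolveValidator`, `fileValidators` and `req.now` are hypothetical names.

```javascript
// Added example, not the project's code. Constructed role -> permission table.
const permissions = { admin: ['user.get', 'user.self'], guest: [] };

// Level 1 (lowest): default validator, a string match on the permission name.
const defaultValidator = (name) => (req) =>
  (permissions[req.role] || []).includes(name);

// Level 2: validators defined in the permission file (constructed sample).
// req.now is a hypothetical clock override so the check can be tested.
const fileValidators = {
  'user.get9to5': (req) => {
    const hour = (req.now || new Date()).getHours();
    return defaultValidator('user.get')(req) && hour >= 9 && hour < 17;
  },
};

// Level 3 (highest) is the map passed to the middleware on the route.
// Own-property lookup only, so names like 'constructor' never resolve
// to something inherited from Object.prototype.
function resolveValidator(name, routeValidators = {}) {
  for (const source of [routeValidators, fileValidators]) {
    if (Object.prototype.hasOwnProperty.call(source, name) &&
        typeof source[name] === 'function') return source[name];
  }
  return defaultValidator(name);
}

// Assumption: every listed permission must validate (AND). Fail closed:
// only a strict `true` allows; false, undefined or a thrown error all deny.
function check(names, routeValidators, req) {
  return names.every((name) => {
    try {
      return resolveValidator(name, routeValidators)(req) === true;
    } catch (err) {
      return false;
    }
  });
}

// Express-style wrapper with the call shape shown in the issue.
function middleware(names, routeValidators) {
  return (req, res, next) =>
    check(names, routeValidators, req) ? next() : res.status(403).end();
}
```

A higher-precedence validator replaces the lower one outright, so a route-level validator that does not consult `req.role` grants the permission regardless of role.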