Node JS and Access Control


Problem description

In my project I'm using RBAC Access Control. I have created an access-control directory with index.js inside, where I'm creating "grantsObject"

'use strict'

const AccessControl = require('accesscontrol');

let grantsObject = {
    admin: {
        // Extends user and can delete and update any video or post

        video: {
            'create:any': ['*'],
            'read:any': ['*'],
            'update:any': ['*'], // Admin privilege
            'delete:any': ['*']  // Admin privilege
        },
        post: {
            'create:any': ['*'],
            'read:any': ['*'],
            'update:any': ['*'], // Admin privilege
            'delete:any': ['*']  // Admin privilege
        }

    },
    user: {
        video: {
            'create:any': ['*'],
            'read:any': ['*']
        },
        post: {
            'create:any': ['*'],
            'read:any': ['*']
        }
    }
};

const ac = new AccessControl(grantsObject);

module.exports = ac;

And later in a route I'm requiring this object

var ac = require('../config/access-control');

Checking the privilege:

const permission = ac.can(req.user.userRole).readAny('post');
if (!permission.granted) {
    return res.status(403).end();
}

Everything is working fine, but my question is about "grantsObject". I would like to have better code organization. In my project I have many roles and the code is becoming repetitive.

Admin has kind of inheritance and just extends user privileges. Is there any way to avoid copying user privileges inside the admin object?

Recommended answer

You may want to declare the user permissions first and then declare admin permissions that extend the user permissions, e.g.

// Node.js v9.4.0
const user = {
    video: {
        'create:any': ['*'],
        'read:any': ['*']
    },
    post: {
        'create:any': ['*'],
        'read:any': ['*']
    }
}

const admin = {
    video: {
        ...user.video,
        'update:any': ['*'],
        'delete:any': ['*']
    },
    post: {
        ...user.post,
        'update:any': ['*'],
        'delete:any': ['*']
    }
}

const grantsObject = {
    admin,
    user,
};

The above sample assumes that user and admin share the same permissions for the same resource.
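As an added example (not part of the question or the answer above, and not using the `accesscontrol` package), the same idea generalized: a small `extendRole` helper derives `admin` from `user` for any number of resources, and a fail-closed `isGranted` stand-in for `ac.can(role).readAny(resource).granted` denies unknown roles, resources and actions instead of granting them. The role names, resources and the helper names are constructed for this illustration.

```javascript
'use strict';

// Base role: the permissions a regular user has (constructed sample grants).
const user = {
  video: { 'create:any': ['*'], 'read:any': ['*'] },
  post:  { 'create:any': ['*'], 'read:any': ['*'] },
};

// Derive a role from a base role by merging extra permissions per resource,
// so the base grants are declared once and never copied by hand.
function extendRole(base, extra) {
  const role = {};
  const resources = new Set([...Object.keys(base), ...Object.keys(extra)]);
  for (const resource of resources) {
    role[resource] = { ...(base[resource] || {}), ...(extra[resource] || {}) };
  }
  return role;
}

// admin = everything user can do, plus update/delete on both resources.
const admin = extendRole(user, {
  video: { 'update:any': ['*'], 'delete:any': ['*'] },
  post:  { 'update:any': ['*'], 'delete:any': ['*'] },
});

const grants = { user, admin };

// Fail-closed permission check (hypothetical stand-in for the library call):
// a role, resource or action that is not in the grants object is denied,
// so a bad req.user.userRole value can never end up with access.
function isGranted(grantsObject, role, action, possession, resource) {
  const rolePerms = grantsObject[role] && grantsObject[role][resource];
  if (!rolePerms) return false;
  const attrs = rolePerms[action + ':' + possession];
  return Array.isArray(attrs) && attrs.length > 0;
}
```

With this, the route check becomes `if (!isGranted(grants, req.user.userRole, 'read', 'any', 'post')) return res.status(403).end();`.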
