SailsJS 用户访问级别和角色 [英] SailsJS user access levels and roles

问题描述

我正在使用我学到的东西 这里 构建用户认证系统.本质上它是使用护照本地身份验证.

I am using what I have learnt here to build a user authentication system. Essentially it is using passport local auth.

如何将用户访问级别和角色添加到 SailsJS?例如，我想要访问级别(canWriteAll、canWriteOwn、canRead)以及这些分配给的用户角色(管理员、贡献者、用户...等).

How would I add users access levels and roles to SailsJS? For example I would like access levels (canWriteAll, canWriteOwn, canRead) with user roles that these are assigned to (admin, contributor, user...etc..).

推荐答案

Sails 具有内置的基于策略的访问控制系统.首先查看文档.

Sails has built-in policy based access control system. Check out documentation first.

如果是简单的形式:

• 在您的用户模型中创建所需的访问级别属性，默认情况下等于最基本的访问级别.这可以是数字(如 1 - 管理员和 100 - 未经身份验证的用户，以及它们之间的其他角色)或字符串(如 administrator、moderator、guest>) 或任何东西.

• create required access level attribute in your User model equal to most basic access level by default. This can be number (like 1 - administrator and 100 - unauthenticated user, and other roles between them) or string (like administrator, moderator, guest) or anything.

在 policies 文件夹中创建中间件(查看文档以获取示例).

create middlewares in policies folder (check documentation for examples).

在政策 配置文件为每个控制器及其方法添加策略.

in policies configuration file add policy for each controller and their methods.

喜欢:

UserController: {
  '*': false,                    // disallow for each method not listed here
  find: ['guest'],               // check guest.js middleware for permission
  destroy: ['administrator']     // check administrator.js middleware for permission
}

这篇关于SailsJS 用户访问级别和角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！