Reputation: 296
feathersjs permissions - Roles
I am using feathersjs as a backend for an web app. I'm about to use the permissions to manage access to the database.
I have 3 roles: admin, organizer, user
I want to store the permissions for each role in a seperate table named "roles". And the user have a column with role and there I want to store the role ID.
Additionally each user only has right to edit his own row. so I need something like: 'users:update:1234' for each user.
How do I combine them. The documentation says the user table needs a column with "permissions" where I can store them. But I want to be more flexible.
Is there any good example for that? Internet is empty about it...
Greetings..
Upvotes: 1
Views: 1360
Answers (1)
Reputation: 44215
feathers-permissions is the way to go for this. As shown here it should be possible to create the dynamic roles you want like this:
app.service('users').hooks({
before: checkPermissions({
roles(context) {
return [ `users/${context.id}` ];
}
})
});
Now the user has to have the users/123:update permission. Instead of limiting the permissions by id however, to restrict requests to the current user, feathers-authentication-hooks can be used.
Upvotes: 2
Related Questions
- Feathers authentication.create throws 401 not authenticated error
- FeathersJS authentication deactivate user
- User's permissions in feathers.js API
- Authentication to Featherjs using socket.io-client
- How to 'restrict owner' but allow 'admin' role in Feathers
- Login-in by roles feathers-authentication
- Enforce access rights on Feathers.js resources
- Feathersjs administrator role (or feathers middleware with auth check)
- Feathers / Socket.io authentication
- Authenticate with simple rest call using feathersjs