how to implement permissions on routes and functions in sails.js?


I'm new to sails and I have a PostgreSQL database. I want to implement user management. I have some users, each user can be assigned to multiple groups, each group can be assigned to multiple roles, and each role can have some permissions! I checked the sails permissions documentation but I didn't get it well. For example, I want some groups not to be able to add or edit users, or I want some roles not to be able to see the user management menu. What should I do?


There are 3 answers

Martial On

Sails.js has no ACL management. You have to use 3rd-party middleware like roles or role-acl.

Raqem On

Sounds like what's most important is the association of the user to the permission (or role). So you could consider making models for each tier (user, role, group), or you can make a model for each kind of group and/or role (though that sounds like it could get out of hand), and then have the models associated with each other. Then in the view action you can set what the permissions are (aka what groups or roles are allowed to see that page). Also in the markup you can set who is allowed to even see a button. For example: isSales could be a boolean on your group or roles model for a user that is in sales, and they are allowed to see the edit button to change the price of something. So in your markup you have:

 <div v-if="user.isSales">
  <button> Edit price </button>
 </div>
Prem popatia On

I may be a little late to post an answer here, but there is a way available for access control in Sails.

Sails has a built-in policy-based access control system.

  1. Policy

Policies in Sails are designed for controlling binary ("yes or no") access to particular actions. They work great for checking whether a user is logged in or for other simple "yes or no" checks, like whether the logged in user is a "super admin".

But for dynamic permissions:

  2. Helpers

Link to the helper documentation: access-control-and-permissions

For more complex permission schemes, like those in which a requesting user agent's access rights depend on both who they are and what they're trying to do, you'll want to involve the database. While you can use policies to accomplish this, it's usually more straightforward and maintainable to use a helper.

One can find an example here: Using helper for access control and permission

So you can use PostgreSQL for storing roles and their respective permissions, retrieve the user's role, and check the permission when needed in a policy/helper.
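An added example (not code from this answer or from the Sails project) of the scheme the answer describes: the user → group → role → permission lookup that would normally be a helper querying the PostgreSQL models, backed here by constructed in-memory data so it runs offline, and a Sails-style policy `(req, res, proceed)` that denies by default unless the logged-in user holds the required permission. The table shapes, `req.session.userId`, and permission strings such as `user:edit` are assumptions for illustration.

```javascript
// Constructed sample data standing in for the PostgreSQL tables
// (hypothetical schema): users belong to groups, groups carry roles,
// roles carry permission strings.
const db = {
  users:  { 1: { id: 1, groups: ['sales'] }, 2: { id: 2, groups: ['viewers'] } },
  groups: { sales: ['editor'], viewers: ['reader'] },
  roles:  { editor: ['user:read', 'user:edit'], reader: ['user:read'] },
};

// Resolve a user's effective permissions by walking all three tiers.
// In a real app this is the helper (e.g. api/helpers/effective-permissions.js)
// that queries the models; unknown users, groups or roles contribute nothing.
function effectivePermissions(userId) {
  const user = db.users[userId];
  const perms = new Set();
  if (!user) return perms;
  for (const g of user.groups) {
    for (const role of db.groups[g] || []) {
      for (const p of db.roles[role] || []) perms.add(p);
    }
  }
  return perms;
}

// Policy factory: returns a Sails-style policy that forbids the request
// unless the session user holds `permission`. Both "not logged in" and
// "logged in but lacking the permission" fall through to res.forbidden(),
// so the default is deny.
function requirePermission(permission) {
  return function policy(req, res, proceed) {
    const userId = req.session && req.session.userId;
    if (!userId) return res.forbidden();
    if (!effectivePermissions(userId).has(permission)) return res.forbidden();
    return proceed();
  };
}

// Illustrative wiring for config/policies.js (not executed here):
//   UserController: { create: requirePermission('user:edit'),
//                     find:   requirePermission('user:read') }
// The same permission set can be passed to the view (e.g. via res.locals)
// to hide the user-management menu for roles that lack 'user:read'.
```
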