sails-hook-permit-actions
Sails.js role and permission based security hook with user authentication included out of the box. It is designed to plug in and work with blueprints and custom controller actions.
Authentication provided by: https://github.com/tjwebb/sails-auth
Install
$ npm install sails-hook-permit-actions --saveUsage (with a clean sails instance)
$ sails liftYou can authenticate with the default admin user:
POST: /auth/local send:{ identifier: 'admin', password: 'admin1234' }
config/permissions.js
This configuration file is where you can extend the permissions the hook creates for you during lift.
For example:
If I wanted to create a sails classroom api and lock it down to only teachers.
I would first generate the classroom api:
$ sails generate api classroomThen create a new teacher role and give the role access to all classroom blueprint actions:
Roles: {
'teacher': {
'classroom': { actions: ['create','find','findone','update','destroy','populate','add','remove'] }
}
The 3 roles below are created automatically for you by the hook:
- Admin:
- A user with this role has api access to the following:
- All controllers
- All actions including blueprint and custom actions
- A user with this role does not have access to the following:
- Any action marked as internal
- Registered (Note: all users have this role by default):
- A user with this role has api access to the following:
- User controller (only for their user):
- blueprint actions: ['findone','update','destroy','populate','add','remove']
- Auth controller:
- custom actions: ['disconnect','provider','logout']
- Logout occurs here in sails-auth
- custom actions: ['disconnect','provider','logout']
- User controller (only for their user):
- A user with this role does not have access to the following:
- Any action marked as internal
- Public:
- This role allows any action tied to it available to everyone automatically:
- User controller:
- blueprint actions: ['create']
- Auth controller:
- custom actions: ['callback']
- Authentication occurs here in sails-auth
- custom actions: ['callback']
- User controller:
- A user with this role does not have access to the following:
- Any action marked as internal
You can see how they are used in the unit tests below:
License
MIT