search

CityWebConsultants / Iris

Modular content management and web application framework built with Node.js and MongoDB
http://irisjs.org
Other
9 stars 7 forks source link

Permissions callback #124

Closed adam-clarey closed 8 years ago

adam-clarey commented 8 years ago

This extends the iris routes so now you can add logic to page permissions.

use case:

There is an entity type where you want certain users (not entity authors) to edit specific entities based on some requirement, ie, they are listed as a manager of that entity.

When defining the route options for that callback you add 'permissionsCallback' and provide a function as the value.

The function needs to be defined before the route as below:

iris.modules.entityUI.globals.permissionsCallback = function(options, authPath) {

  \\ Some logic here
  return false;

}

var routes = {
  'edit': {
    "title": "Edit entity",
    "permissions": ["can create custom reports"],
    "permissionsCallback": iris.modules.entityUI.globals.permissionsCallback
  }
};

'permissionsCallback' is not required so should not be a breaking change.

adam-clarey commented 8 years ago

Don't assess yet, i'm extending it for more flexibility

adam-clarey commented 8 years ago

I've extended it so now the permissions callback is aync allowing for aync logic for checking permissions.

I also added a real world example of this in use for the entity edit page. Before it was hardcoded that only admins could access the page. Now it checks the 'can edit any [type]' and 'can edit own [type]' permissions

pau1m commented 8 years ago

+1

FilipNest commented 8 years ago

Wouldn't it be nicer to make this extension general across the whole of the permission system rather than just routes? Under register permission you could register an optional callback. Only a thought. I'll put it as a separate issue.