A user wants access to a specific feature (e,g, changing the background) and local authorities trust the user enough to allow it.
Access to that feature is granted by a role that also grants access to other features that local authorities don't trust the user with.
Proposed solution
Use a Role-Based Access Control library like CherryProject's RBAC, or easy-rbac
or something else.
In the code, switch every role comparison with a RBAC.can() function call.
Motivation
A user wants access to a specific feature (e,g, changing the background) and local authorities trust the user enough to allow it. Access to that feature is granted by a role that also grants access to other features that local authorities don't trust the user with.
Proposed solution
Use a Role-Based Access Control library like CherryProject's RBAC, or easy-rbac or something else. In the code, switch every role comparison with a RBAC.can() function call.
See also
https://blog.nodeswat.com/implement-access-control-in-node-js-8567e7b484d1