OptimalBits / node_acl

Access control lists for node applications

Approach for a 'friends' role #164

Closed jameslouiz closed 8 years ago

jameslouiz commented 8 years ago

I'm using this module with express and mongoose and have everything working on a row/object level basis by assigning a unique role to each user when they are created.

What I would like to do next is grant access to a user based on a mutual friendship but I'm not sure on the best approach. Here is my idea:

When a friendship is created, automatically create a friendship role based on the hash of both user IDs, then assign this new role friendship93092458234 to each.

Then when a user creates a resource that is set to friends only, we can assign a read permission to the friendship93092458234 role, and because these two users have this role, only they can see it.

Also, when using the allow method, does it overwrite existing permissions or add new ones?

So I can set up some access privileges here:

acl.allow('foo', ['blogs','forums','news'], ['view', 'delete']);

Would then doing this overwrite the previous permissions for a given role on a given resource?

acl.allow('foo', ['blogs','forums','news'], ['view']);

Or do I have to call removeAllow and then allow to achieve this?

Thanks, James
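The per-friendship role idea from the post above, sketched as an added example (not part of the original post and not node_acl's own code). The helper names `friendshipRole`, `befriend`, `shareWithFriends` and `unfriend` are hypothetical; `acl` is assumed to be a node_acl instance used through its promise interface, and the `'view'` permission is taken from the post's `allow` calls.

```javascript
const crypto = require('crypto');

// Hypothetical helper: one stable role name per unordered pair of user IDs.
function friendshipRole(userA, userB) {
  if (userA == null || userB == null) throw new TypeError('two user IDs are required');
  const a = String(userA); // also covers mongoose ObjectId values
  const b = String(userB);
  if (a === b) throw new RangeError('a friendship needs two distinct users');
  // Sort so (a, b) and (b, a) map to the same role.
  const pair = a < b ? [a, b] : [b, a];
  // JSON keeps the boundary between the IDs, so "1"+"23" differs from "12"+"3".
  const digest = crypto.createHash('sha256').update(JSON.stringify(pair)).digest('hex');
  return 'friendship' + digest;
}

// Give both users the shared role when the friendship is created.
async function befriend(acl, userA, userB) {
  const role = friendshipRole(userA, userB);
  await acl.addUserRoles(String(userA), role);
  await acl.addUserRoles(String(userB), role);
  return role;
}

// Grant the friendship role read access to a friends-only resource.
async function shareWithFriends(acl, owner, friend, resource) {
  const role = friendshipRole(owner, friend);
  await acl.allow(role, resource, 'view');
  return role;
}

// Revoke on unfriend: drop the role from both users, then delete the role
// itself so its grants do not survive the friendship.
async function unfriend(acl, userA, userB) {
  const role = friendshipRole(userA, userB);
  await acl.removeUserRoles(String(userA), role);
  await acl.removeUserRoles(String(userB), role);
  await acl.removeRole(role);
  return role;
}
```

Sorting the pair and hashing an unambiguous encoding means either user can recompute the role name without a lookup table, and two different pairs cannot collide through plain ID concatenation.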