OptimalBits / node_acl

Access control lists for node applications

Question on groups of users #234

Open khankuan opened 7 years ago

khankuan commented 7 years ago

Hi, I would like to know how everyone is creating roles based on a group of users. I'm wondering if I can use a construct for roles like this: `admin-${groupId}` `member-${groupId}`

to assign a role that is specific to a context/entity/group.

Cheers!

sstathatos commented 7 years ago

I believe I have a similar question. I have a project based app (where users have different roles in particular projects), and I need ProjectID-specific roles. Is it valid (good practice) to create Owner/member roles for each different projectID? The readme file only includes examples where resources (eg blogs) in general are used. Can someone plz help? An example:

```js
acl.allow('project_27_member', 'project_27', 'view')
acl.allow('project_27_owner', 'project_27', ['view','delete','update'])
```

If I am confusing the meaning of your post, tell me so I delete my comment. Thank you!

khankuan commented 7 years ago

I think we have the same pattern of use case :)

ghost commented 7 years ago

I have the same pattern too... my first thought was similar to yours...admin-${groupId} or admin:${groupId}... another way is to update node-acl to allow adding a group_id (optional) or to create a parent role member-${groupid} or member:${groupid}

Another solution could be to manage separately oGroups/oRoles (prefixed 'o' for 'organisation') to be used in an organisation ... and let all-node do its job for users' assignments ... ace-node will use only these oGroups (as parent) and oRoles (as children)

@sstathatos as you already manage Projects, you can use a project_id as a parent role for all specific roles to this project...

bodo22 commented 7 years ago

I am very interested in a non-hacky smooth solution to this problem. I think I have a similar pattern to @sstathatos.

I have many projects and each project has different resources assigned to it. The resource <-> project relationships change over time, but it is always a 1-1 relationship, so a little like renting a car (resource) to someone (projects). The projects should all have the same child-roles and permissions for their resources. How is it possible to create such an acl-tree, not have to always create the same child-roles and permissions for the projects' resources manually while complying with the principle of least privilege? I am happy to delete if this is too off topic :)
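An added example, not part of the thread and not node_acl's own code: one way to stamp out the same per-project roles from a single template, using the `project_27_member` naming from the comments above. `ROLE_TEMPLATE` and all function names are hypothetical, the digits-only project id is an assumption, and `acl` is assumed to be a node_acl instance whose `allow(role, resource, permissions)` returns a promise when called without a callback.

```javascript
// Hypothetical per-project role template: every project gets the same roles,
// each limited to the permissions listed here (taken from the example above).
const ROLE_TEMPLATE = {
  member: ['view'],
  owner: ['view', 'delete', 'update'],
};

// Project ids are interpolated into role and resource names, so restrict them
// to digits (assumption): an id like "27_owner" must never forge another name.
function assertProjectId(projectId) {
  const id = String(projectId);
  if (!/^[0-9]{1,18}$/.test(id)) {
    throw new Error('invalid project id: ' + JSON.stringify(projectId));
  }
  return id;
}

function scopedRole(projectId, roleName) {
  if (!Object.prototype.hasOwnProperty.call(ROLE_TEMPLATE, roleName)) {
    throw new Error('unknown role: ' + roleName);
  }
  return `project_${assertProjectId(projectId)}_${roleName}`;
}

function scopedResource(projectId) {
  return `project_${assertProjectId(projectId)}`;
}

// Expand the template into [role, resource, permissions] grants for one project.
function grantsForProject(projectId) {
  const resource = scopedResource(projectId);
  return Object.keys(ROLE_TEMPLATE).map((name) => [
    scopedRole(projectId, name), resource, ROLE_TEMPLATE[name].slice(),
  ]);
}

// Apply the grants through any object exposing node_acl's
// allow(role, resource, permissions); resolves to the number of grants applied.
async function provisionProject(acl, projectId) {
  const grants = grantsForProject(projectId);
  for (const [role, resource, permissions] of grants) {
    await acl.allow(role, resource, permissions);
  }
  return grants.length;
}
```

A user is then attached to one project's role only, for example with `acl.addUserRoles(userId, scopedRole(27, 'member'))`, so membership in project 27 grants nothing on any other project.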

khankuan commented 7 years ago

I've found prbac implemented in python but couldn't find anything in node. http://django-prbac.readthedocs.io/en/latest/apidoc/django_prbac.html

It seems to be taking in parameters to subdivide roles via parameters like project_27 or groupId.

humzaiq commented 7 years ago

I am in a similar situation where I need to set up roles for admins, managers, users for every different organization and the closest I have come across is https://www.npmjs.com/package/authorized.

Let me know if this helps anyone.

ghost commented 7 years ago

authorized package has not been maintained for 4 years...

sinqinc commented 7 years ago

I have the same concern: https://github.com/OptimalBits/node_acl/issues/243

I also have a concern about the number of resources I need to create for each role.

cyrilchapon commented 7 years ago

Same concern here. +1 very much.

We are making a BtoBtoC app, with admins at each level. We need a whole-app scope > customer scope > customer's customer scope > group scope hierarchy.

arihantdaga commented 6 years ago

Anybody found anything?