franciscogouveia / hapi-rbac

RBAC (Rule Based Access Control) for hapijs
ISC License

field level access control #36

Closed jamesdixon closed 7 years ago

jamesdixon commented 7 years ago

@franciscogouveia excellent library!

I wanted to see if you had any thoughts on how this could be used for field-level access control?

For example, given a customer record, a business owner may have full access to the record, which includes some private metadata, whereas the customer themselves may have access to everything except that private metadata.

Thanks!

franciscogouveia commented 7 years ago

Hi James!

Thank you.

Regarding your use case, hapi-rbac controls who has access to which routes. Controlling who has access to document fields is something that depends on the route handlers' implementation for handling documents.

You can have a look at rbac-core and try to implement the logic for your implementation yourself.

Good luck and have fun!

Sorry for the late answer, didn't have much time lately for OSS.
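
Added example, not part of the thread and not hapi-rbac or rbac-core code: one way a route handler could apply field-level control after the route-level check has passed, using a per-role allowlist with default deny. The role names, field names, sample record and the idea of reading a `role` from `request.auth.credentials` are assumptions for illustration.

```javascript
'use strict';

// Constructed policy: readable fields per role, as dot paths.
// Anything not listed is withheld, including fields added to the schema later.
const FIELD_POLICY = {
  owner: ['id', 'name', 'email', 'meta.notes', 'meta.riskScore'],
  customer: ['id', 'name', 'email'],
};

// Constructed sample record; `meta` is the private metadata from the question.
const SAMPLE = {
  id: 'c-1', name: 'Ada', email: 'ada@example.test',
  meta: { notes: 'VIP', riskScore: 3 },
  internalFlag: true, // not allowlisted for any role
};

const has = (obj, key) =>
  obj !== null && typeof obj === 'object' &&
  Object.prototype.hasOwnProperty.call(obj, key);

// Build a new object containing only the allowlisted paths (default deny).
function projectFields(record, role, policy = FIELD_POLICY) {
  // Own-property lookup so role strings like "__proto__" never match.
  const allowed = has(policy, role) ? policy[role] : null;
  if (!Array.isArray(allowed)) return {}; // unknown role sees nothing
  const out = {};
  for (const path of allowed) {
    const keys = path.split('.');
    let src = record;
    for (const k of keys) {
      src = has(src, k) ? src[k] : undefined;
      if (src === undefined) break;
    }
    if (src === undefined) continue; // field absent on this record
    let dst = out;
    for (const k of keys.slice(0, -1)) dst = dst[k] = dst[k] || {};
    dst[keys[keys.length - 1]] = src;
  }
  return out;
}

// In a hapi handler the role would come from the authenticated credentials,
// e.g. projectFields(record, request.auth.credentials.role) (assumed field).
function viewFor(credentials, record) {
  return projectFields(record, credentials && credentials.role);
}
```

Filtering the response by allowlist rather than deleting known-private keys means a field added to the record later stays hidden until a role is explicitly granted it.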