nyambati / express-acl

This is an express module that enables you to implement ACL with much ease
https://nyambati.github.io/express-acl/
MIT License
227 stars 51 forks

Identity Based Access Control #136

Open HenriqueSilverio opened 5 years ago

HenriqueSilverio commented 5 years ago

As mentioned here:

Typical example: users can edit their own comments but can only read other users' comments. So having a role that either grants or denies edit permissions to the resource comment/edit is not good enough. The permission depends on which comment the user is accessing.

Other example here:

Let me give you an example based on a blogging platform where a writer can create a blog post and then open it up for editing — should the writer role also allow to rewrite every post in the system? Probably not. We need to first check if they are the owner of the post.

Is there a way to achieve that?

tguelcan commented 4 years ago

Any news? I also have the challenge to check if the user is also the author.

HenriqueSilverio commented 4 years ago

Currently I found some alternatives:

tguelcan commented 4 years ago

We have developed our own stack (restexpress.dev) and have expanded the existing express-acl. I hope it can help you!

https://restexpress.dev/#/src/services/express/README
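
The ownership check asked about in this thread, as an added example that is not part of the original discussion and is not express-acl's or restexpress's code: a role grants an action with a scope of `any` or `own`, and `own` is decided against the stored record. All names here (`rolePolicy`, `canAccess`, `authorize`, `loadRecord`, `ownerId`) are hypothetical, and `req.user` is assumed to be set by an earlier authentication middleware.

```javascript
// Added example; every identifier below is hypothetical.
// role -> resource -> action -> scope ('any' = every record, 'own' = caller's records only)
const rolePolicy = {
  user:  { comment: { read: 'any', edit: 'own' } },
  admin: { comment: { read: 'any', edit: 'any' } },
};

// Pure decision function: role permission first, then identity (ownership).
function canAccess(user, resourceType, action, record) {
  if (!user) return false;
  const scope = rolePolicy[user.role]?.[resourceType]?.[action];
  if (scope === 'any') return true;
  if (scope !== 'own') return false;          // missing or unknown scope: default deny
  // Compare against the owner stored with the record, never an owner id
  // supplied in the request body or query string. Strict equality also
  // rejects a string id compared with a numeric one.
  return record != null && record.ownerId === user.id;
}

// Express-style middleware factory. loadRecord(req) fetches the target
// record (for example by req.params.id) and resolves to null if absent.
function authorize(resourceType, action, loadRecord) {
  return async (req, res, next) => {
    try {
      if (!req.user) {
        return res.status(401).json({ message: 'Authentication required' });
      }
      const record = await loadRecord(req);
      if (!record) {
        return res.status(404).json({ message: 'Not found' });
      }
      if (!canAccess(req.user, resourceType, action, record)) {
        return res.status(403).json({ message: 'Forbidden' });
      }
      req.record = record;                     // reuse in the handler, avoids a second lookup
      return next();
    } catch (err) {
      return next(err);                        // a failed lookup must not fall through to the handler
    }
  };
}
```

Mounted as, say, `authorize('comment', 'edit', loadComment)` ahead of the route handler, this runs after any role-only check and makes the decision depend on which comment is being accessed.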