An RBAC proposal in a simple way
Role-based access control (RBAC) is a policy-neutral access-control mechanism defined around roles and privileges.
Further reading: https://en.wikipedia.org/wiki/Role-based_access_control && https://zhuanlan.zhihu.com/p/63769951
Even large information shows on the internet to tell people what the RBAC is. However, it still makes people feel difficult to understand it and use it in practice.
The concept is clear. The RBAC method enables you to control the permission of the data to show to different roles of users. For instance, people in different departments can read different announcements. In this case, how to set the permission for each announcement?
Following the RBAC concept, I developed a demo to show you how to use it in a simple situation, including database setting, initial data and querying the data.
How to run this demo
npm ito install dependencies
node generateRoles.mjsto generate roles
node generateUsers.mjsto generate users
node generateContent.mjsto generate news and permissions
node index.mjsto check the result
- Go into the index.mjs to see more details
In this demo what you can get
Querying the right news
- Get the user info.
- Get the user's read access for news. Here, you need to filter permissions that have the user's roles in its reaRoles filed && the user is not in the bannedUser list.
- Get news which the user has the right to read
- In an extra function, it uses the fuse.js to do the search work.
It is a demo for the RBAC concept, when you understand it, then you can design your own proposal.
It uses the pouchDB to get the data, in your case, you should shift it to your database or RESTful to query the data.