Comments (18)
This module is now published with functionality as documented in the Readme.
from feathers-permissions.
"A version of feathers-permissions with notable enhancements has been proved in the wild"
Where in the wild?
from feathers-permissions.
Why don't we guys start building your own utils till then. I'm using a role & a permission db with every user getting a role and role having a bunch of permissions.
I kept the first cut very simple with the pattern service:method, will add more dimensions later like service:method:scope where scope defines the ownership hierarchy.
Here is a very small hook that implements the first cut. Not the exact one I'm using as that has some more logic specific to my use case.
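```js
import * as R from 'ramda';
import { iff, isProvider } from 'feathers-hooks-common';
import { Forbidden } from '@feathersjs/errors';

export const authorize = () =>
  // Only check calls that come in through a transport (REST, sockets).
  iff(
    isProvider('external'),
    async ctx => {
      // Default to an empty list so a missing user or role is denied
      // with Forbidden instead of failing with a TypeError.
      const userPermissions = R.pathOr(
        [],
        ['params', 'user', 'role', 'permissions'],
        ctx
      );
      const types = R.pluck('type', userPermissions);
      // A permission type has the form service:method.
      const hasPermissions = R.any(
        p => p === `${ctx.path}:${ctx.method}`,
        types
      );
      if (!hasPermissions) {
        throw new Forbidden('Not allowed to execute this action.');
      }
      return ctx;
    }
  );
```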
from feathers-permissions.
@TimNZ I'm always happy about constructive criticism but your comment neither furthers this discussion nor pays my rent, so by all means, you are free (as in free software) to do so.
from feathers-permissions.
Both articles are very good but they are not up to date, I have no idea how to integrate them cleanly with the latest version.
from feathers-permissions.
@ekryski could answer this best, but here is what I know.
A version of feathers-permissions with notable enhancements has been proved in the wild.
The core team is 6 part-time people and some members are devoting what free time they have to auth and auth docs. This means permissions will be documented and released after auth is 100%. I cannot estimate when that would be.
from feathers-permissions.
+1
from feathers-permissions.
@eddyystop @ekryski I don't want to pressure as I know you are a small team, but is there any update on this, or notes of what needs doing / what we might be able to help with.
from feathers-permissions.
I doubt ekryski will get around to it any time soon. There was a Medium article published on how to use another package to do Feathers repos. @marshall may have a link to it.
from feathers-permissions.
@eddyystop gaaah please stop 😆
from feathers-permissions.
This makes me want to go back to Parse
from feathers-permissions.
It was a zero value comment, but wasn't a criticism.
What I should have said was, "Let's implement the parse ACL model".
from feathers-permissions.
For reference, there are also two great posts, Easy API Authorization with CASL and Feathers and Access control strategies with FeathersJS on this topic.
Most permission and authorization can be easily implemented in a few lines of code with all the flexibility (and without looking for another module, reading API docs, debugging issues and complaining about it) in a hook. All this module is basically doing is this:
```js
const { Forbidden } = require('@feathersjs/errors');

app.service('messages').hooks({
  before(context) {
    // method and path live on the hook context; the user is in context.params.
    const { method, path, params: { user } } = context;

    if (
      user.permissions.includes(`${path}:${method}`) ||
      user.permissions.includes(`${path}:*`) ||
      user.permissions.includes(`*:*`)
    ) {
      return context;
    }

    throw new Forbidden('You are not allowed to access this');
  }
});
```
from feathers-permissions.
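The check from the comment above, written as a stand-alone added example (not part of the thread and not the code of feathers-permissions). `Forbidden` is a local stand-in for the `@feathersjs/errors` class, the function names are hypothetical, and the comma-separated string form of `permissions` is an assumption; it shows why exact matching matters when the stored value is a string rather than an array.

```javascript
// Added example. Forbidden is a local stand-in for the class from
// @feathersjs/errors so the file runs without Feathers installed.
class Forbidden extends Error {
  constructor(message) {
    super(message);
    this.name = 'Forbidden';
    this.code = 403;
  }
}

// Turn whatever is stored on the user into a clean list of strings.
// Assumption: permissions are an array or a comma-separated string.
function normalizePermissions(raw) {
  const list = Array.isArray(raw) ? raw
    : typeof raw === 'string' ? raw.split(',') : [];
  return list.filter(p => typeof p === 'string')
    .map(p => p.trim())
    .filter(Boolean);
}

// Exact match against path:method, path:* and *:* (the three forms above).
function isAllowed(rawPermissions, path, method) {
  const granted = new Set(normalizePermissions(rawPermissions));
  return [`${path}:${method}`, `${path}:*`, '*:*'].some(p => granted.has(p));
}

// Hook factory (hypothetical name). Internal calls have no params.provider
// and are skipped, like iff(isProvider('external'), ...) in the first hook.
function authorize() {
  return context => {
    const { path, method, params = {} } = context;
    if (!params.provider) return context;
    const user = params.user;
    if (!user || !isAllowed(user.permissions, path, method)) {
      throw new Forbidden('You are not allowed to access this');
    }
    return context;
  };
}

// Constructed sample: String.prototype.includes would accept this one,
// because 'messages:create' is a substring of the stored value.
const stringPerms = { permissions: 'admin-messages:create' };
console.log(isAllowed(stringPerms.permissions, 'messages', 'create')); // false
console.log(isAllowed(['messages:*'], 'messages', 'remove'));          // true
```

A missing user, a `null` permissions field, or a non-string entry all end in `Forbidden` rather than a `TypeError`, so the hook fails closed.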
@daffl Thanks. I was hasty in my original comment, having not done a thorough read of all the resources yet.
I'll go through all the docs and blogs and repos and issues before I write anything again.
from feathers-permissions.
Same here
from feathers-permissions.
I think the best solution would be to create a feathers-casl module but I do not have the knowledge for
from feathers-permissions.
Yeah, CASL looks really good, but I too find it not easy to integrate and would like it to easily include Postgres integration.
from feathers-permissions.
The linked articles will still work with the latest version, the only difference is that the module names changed. So feathers-errors becomes @feathersjs/errors (as outlined in the migration guide).
from feathers-permissions.