SailsJS user access levels and roles

问题

I am using what I have learnt here to build a user authentication system. Essentially it is using passport local auth.

How would I add users access levels and roles to SailsJS? For example I would like access levels (canWriteAll, canWriteOwn, canRead) with user roles that these are assigned to (admin, contributor, user...etc..).

回答1:

Sails has built-in policy based access control system. Check out documentation first.

The simple form if it is:

• create required access level attribute in your User model equal to most basic access level by default. This can be number (like 1 - administrator and 100 - unauthenticated user, and other roles between them) or string (like administrator, moderator, guest) or anything.

• create middlewares in policies folder (check documentation for examples).

• in policies configuration file add policy for each controller and their methods.

Like:

UserController: {
  '*': false,                    // disallow for each method not listed here
  find: ['guest'],               // check guest.js middleware for permission
  destroy: ['administrator']     // check administrator.js middleware for permission
}

来源：https://stackoverflow.com/questions/34966237/sailsjs-user-access-levels-and-roles