Role System
The role system of CabloyJS is based on the popular RBAC model on the Internet, and the following enhancements are made:
- Tree structure: the role is expanded into a tree structure, and the concepts of department, position and level are also integrated into the role tree, so as to facilitate more flexible data authorization
- Wider application scopes: the role system can be applied to more resource authorization. Menus are just one type of resource
- Data scope authorization: supports data scope authorization in enterprise business development. For example, Mike is an employee of the software department, who can only view his own data; Jone is the manager of the software department, who can view the data of his department; Jimmy is the person in charge of the enterprise, who can view the data of the whole enterprise
Concept Discrimination
When it comes to role systems, there are often such concepts as user, user group, role, department, position, authorized object, etc.
The role system designed by CabloyJS, by contrast, only has the concepts of user, role and authorized object. The concept is simple, clear, flexible and efficient, easy to understand and easy to maintain
Department as Role
In essence, a department is a role, such as software department, finance department, etc.
Position as Role
In essence, a position is also a role, such as manager of software department, designer of software department, developer of software department, etc.
Data Scope as Role
Data scope is also a role. For example: Jone is the manager of the software department, and can view the data of the software department. The software department is the data scope
Role Tree
CabloyJS refines a set of built-in roles and forms a standardized role tree according to the requirements of various business development. In the actual development, we can expand and adjust the role tree to meet the needs of various roles
- root
- anonymous
- authenticated
- template
- system
- registered
- activated
- superuser
- organization
- internal
- external
- template
Name | Description |
---|---|
root | root role: including all roles |
anonymous | anonymous role: users who do not log in will automatically belong to the anonymous role |
authenticated | authenticated role |
template | template role: You can configure some basic and general permissions for the template role |
system | system template role |
registered | registered role |
activated | activated role |
superuser | superuser role: the user root belongs to the role of superuser |
organization | organization role |
internal | internal organization role: software department, finance department, etc. |
external | external organization role: available for partners |
The role `superuser` aggregates the role `system`. Therefore, we often authorize some basic permissions to the role `system`. In this way, the role `superuser` also has the corresponding authorization.
Terminology Specification
Role is one of the core concepts of business oriented system development. CabloyJS provides a simple and flexible role system. To facilitate communication and development, CabloyJS uses the following terms:
Catalog Role
- Catalog Role: the role which contains other child roles
- Not allowed to add user to the catalog role directly
Leaf Role
- Leaf Role: the leaf of the role tree
- Only leaf roles are allowed to add users
Child Role
- Child Role: either catalog role or leaf role
Aggregate Role
- Aggregate role is not a role name, but a relationship between roles. In general, the role tree reflects the vertical inheritance relationship from top to bottom. CabloyJS implements a new mechanism that enables one role to aggregate another horizontally, which is called aggregate role
- Through the mechanism of aggregate role, it is easy to realize the feature of role template
Data Scope
- It refers to the role scope limited by the authority during the role authorization
Rebuild Role Tree
In order to improve the running performance, CabloyJS optimizes the role tree. Therefore, if the role tree structure changes, it is necessary to perform the action of Build in order to re-optimize the role tree
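
The terminology above (users only on leaf roles, top-down inheritance, horizontal aggregation) and the need to rebuild after a structural change, as an added stand-alone model. It is not CabloyJS code: the `RoleTree` class, its method names, the cached expansion and the transitive expansion rule are assumptions made for illustration.

```javascript
// Simplified stand-alone model; not CabloyJS code. Role nesting and rights are constructed.
class RoleTree {
  constructor() {
    this.roles = new Map([['root', { parent: null, children: [], aggregates: [] }]]);
    this.users = new Map();    // user -> leaf role
    this.grants = new Map();   // role -> Set of rights granted to that role
    this.expanded = new Map(); // filled by build(): role -> Set of effective roles
    this.dirty = false;
  }
  addRole(name, parent) {
    this.roles.set(name, { parent, children: [], aggregates: [] });
    this.roles.get(parent).children.push(name);
    this.dirty = true; // structure changed: cached expansion is stale
  }
  aggregate(role, other) { // horizontal link: role also receives other's grants
    this.roles.get(role).aggregates.push(other);
    this.dirty = true;
  }
  addUser(user, role) {
    if (this.roles.get(role).children.length > 0) {
      throw new Error(`${role} is a catalog role; users go on leaf roles only`);
    }
    this.users.set(user, role);
  }
  grant(role, right) {
    if (!this.grants.has(role)) this.grants.set(role, new Set());
    this.grants.get(role).add(right);
  }
  build() { // precompute, per role: itself + ancestors + aggregated roles
    this.expanded.clear();
    for (const name of this.roles.keys()) {
      const seen = new Set();
      const walk = (r) => {
        if (r === null || seen.has(r)) return;
        seen.add(r);
        walk(this.roles.get(r).parent);             // vertical inheritance
        this.roles.get(r).aggregates.forEach(walk); // horizontal aggregation
      };
      walk(name);
      this.expanded.set(name, seen);
    }
    this.dirty = false;
  }
  can(user, right) { // decided from the cached expansion; unknown roles get nothing
    const effective = this.expanded.get(this.users.get(user)) || [];
    return [...effective].some((r) => this.grants.get(r)?.has(right) === true);
  }
}
```

In this model a right granted to `system` reaches a `superuser` member only after `aggregate('superuser', 'system')` has been followed by `build()`; until then `can()` still answers from the stale expansion.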
Role Tree Status
```javascript
// Query whether the role tree is marked dirty
const dirty = await this.ctx.meta.role.getDirty();
```
Build by Code
```javascript
// Rebuild the role tree
await this.ctx.meta.role.build();
```
Build by Admin Page
Enter the page `Role Management`. When the role tree changes, the button `+` will appear automatically in the lower right corner of the page. Click this button to complete the reconstruction