Role System

The role system of CabloyJS is based on the widely used RBAC model, with the following enhancements:

  1. Tree structure: the role is expanded into a tree structure, and the concepts of department, position and level are also integrated into the role tree, so as to facilitate more flexible data authorization

  2. Wider application scope: the role system can be applied to authorizing more kinds of resources. Menus are just one type of resource

  3. Data scope authorization: supports data scope authorization in enterprise business development. For example, Mike is an employee of the software department, who can only view his own data; Jone is the manager of the software department, who can view the data of his department; Jimmy is the person in charge of the enterprise, who can view the data of the whole enterprise

Concept Discrimination

When it comes to role systems, concepts such as user, user group, role, department, position and authorized object often come up.

The role system designed by CabloyJS, by contrast, only has the concepts of user, role and authorized object. This keeps it simple, clear, flexible and efficient, easy to understand and easy to maintain

Department as Role

In essence, a department is a role, such as software department, finance department, etc.

Position as Role

In essence, a position is also a role, such as manager of software department, designer of software department, developer of software department, etc.

Data Scope as Role

Data scope is also a role. For example: Jone is the manager of the software department, and can view the data of the software department. The software department is the data scope

Role Tree

CabloyJS distills a set of built-in roles into a standardized role tree, based on the requirements of various kinds of business development. In actual development, we can extend and adjust the role tree to meet the needs of various roles

  • root
    • anonymous
    • authenticated
      • template
        • system
      • registered
      • activated
      • superuser
      • organization
        • internal
        • external

Name Description
root root role: including all roles
anonymous anonymous role: users who do not log in automatically belong to the anonymous role
authenticated authenticated role
template template role: You can configure some basic and general permissions for the template role
system system template role
registered registered role
activated activated role
superuser superuser role: the user root belongs to the role of superuser
organization organization role
internal internal organization role: software department, finance department, etc.
external external organization role: available for partners

The role superuser aggregates the role system. Therefore, we often grant some basic permissions to the role system, and the role superuser then holds those permissions as well.

Terminology Specification

Role is one of the core concepts of business-oriented system development. CabloyJS provides a simple and flexible role system. To facilitate communication and development, CabloyJS uses the following terms:

Catalog Role

  • Catalog Role: a role which contains other child roles

  • Users cannot be added to a catalog role directly

Leaf Role

  • Leaf Role: the leaf of the role tree

  • Users can be added only to leaf roles

Child Role

  • Child Role: either a catalog role or a leaf role

Aggregate Role

  • Aggregate role is not a role name, but a relationship between roles. In general, the role tree reflects the vertical inheritance relationship from top to bottom. CabloyJS also implements a new mechanism that lets one role aggregate another horizontally, which is called aggregate role

  • Through the aggregate role mechanism, it is easy to implement role templates

Data Scope

  • The role scope to which a permission is limited when a role is authorized
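
The terms above can be tied together in a small in-memory model. This is an added example, not CabloyJS code: the function names, the department and position roles (software, softwareManager, executive and so on), the user Ann and the own-data rule are assumptions made for illustration.

```javascript
// Added illustration, not CabloyJS code: all names below are hypothetical.
const parent = new Map();   // role -> parent role (null for root)
const includes = new Map(); // role -> roles it aggregates horizontally
const userRole = new Map(); // user -> the leaf role the user was added to
const grants = [];          // { role, right, scope }: scope is itself a role

function addRole(name, parentName = null) {
  if (parentName !== null && !parent.has(parentName)) throw new Error(`unknown role ${parentName}`);
  // A role that already holds users is a leaf and may not become a catalog role.
  if ([...userRole.values()].includes(parentName)) throw new Error(`${parentName} has users`);
  parent.set(name, parentName);
  includes.set(name, []);
}
function addUser(user, role) {
  if (!parent.has(role)) throw new Error(`unknown role ${role}`);
  // Catalog roles (roles with children) never take users directly.
  if ([...parent.values()].includes(role)) throw new Error(`${role} is a catalog role`);
  userRole.set(user, role);
}
// Effective roles: the user's leaf role, its ancestors (vertical inheritance),
// and whatever any of those roles aggregates (horizontal).
function rolesOf(user) {
  const seen = new Set();
  const todo = userRole.has(user) ? [userRole.get(user)] : [];
  while (todo.length) {
    const r = todo.pop();
    if (r === null || seen.has(r)) continue;
    seen.add(r);
    todo.push(parent.get(r), ...includes.get(r));
  }
  return seen;
}
// A grant applies when the actor holds grant.role and the owner sits inside grant.scope.
function can(user, right, owner) {
  if (user === owner && right === 'read') return true; // assumption: own data is readable
  const mine = rolesOf(user), theirs = rolesOf(owner);
  return grants.some(g => g.right === right && mine.has(g.role) && theirs.has(g.scope));
}

// Constructed sample: a subset of the built-in roles plus two departments.
for (const [n, p] of [['root', null], ['authenticated', 'root'], ['template', 'authenticated'],
  ['system', 'template'], ['superuser', 'authenticated'], ['organization', 'authenticated'],
  ['internal', 'organization'], ['software', 'internal'], ['softwareManager', 'software'],
  ['softwareDeveloper', 'software'], ['finance', 'internal'], ['accountant', 'finance'],
  ['executive', 'internal']]) addRole(n, p);
includes.get('superuser').push('system'); // superuser aggregates system
addUser('root', 'superuser'); addUser('Jone', 'softwareManager'); addUser('Jimmy', 'executive');
addUser('Mike', 'softwareDeveloper'); addUser('Ann', 'accountant');
grants.push({ role: 'softwareManager', right: 'read', scope: 'software' },
  { role: 'executive', right: 'read', scope: 'internal' });
```

With this sample, can('Jone', 'read', 'Mike') is true while can('Jone', 'read', 'Ann') is false, because Ann's roles do not include the software scope.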

Rebuild Role Tree

In order to improve the running performance, CabloyJS optimizes the role tree. Therefore, if the role tree structure changes, it is necessary to perform the action of Build in order to re-optimize the role tree

Role Tree Status

    const dirty = await this.ctx.meta.role.getDirty();

Build by Code

    await;

Build by Admin Page

Enter the page Role Management. When the role tree changes, the button + will appear automatically in the lower right corner of the page. Click this button to complete the reconstruction