Function Authorization

Function authorization mainly solves such problems: who can access which functions of backend

One function can correspond to one or more API routes

Menu is a special function

Authorization Ways

There are three ways of authorization: Artificial Authorization, Initial Authorization, Test Authorization

The API methods for initial authorization and test authorization are as follows:

addRoleFunction

a-base/backend/src/config/middleware/adapter/role.js

async addRoleFunction({ roleId, functionId, roleRightId = 0 })
Name Description
roleId RoleId to be authorized
functionId FunctionId
roleRightId If it is atom action menu, the authorization record of the atom action is saved here

addRoleFunctionBatch

a-base/backend/src/config/middleware/adapter/role.js

// const roleFunctions = [
//   { roleName: 'root', name: 'listComment' },
// ];
async addRoleFunctionBatch({ module, roleFunctions })
Name Description
module module name. If it is empty, the current module name will be used
roleFunctions array of authorization records

For Example

src/module/test-party/backend/src/service/version.js

// roleFunctions
const roleFunctions = [
  { roleName: 'root', name: 'kitchenSink' },
];
await this.ctx.meta.role.addRoleFunctionBatch({ roleFunctions });

Menu of Atom Action

There are two special menu items: Create Atom and Atom List, whose permissions are associated with Atom Actions. For example, when we configure the actions permissions of create and read for party, then we have corresponding permissions for the menus of Create Party and Party List

Authorization Checking

Authorization can be checked by middleware or API

Check by Middleware

CabloyJS uses the global middleware right to encapsulate the logic of authorization checking. It only needs to configure the corresponding middleware parameters on the API route

src/module/test-party/backend/src/routes.js

{ method: 'post', path: 'kitchen-sink/guide/echo9', controller: testKitchensinkGuide,
  meta: {
    right: {
      type: 'function',
      name: 'kitchenSink',
    },
  },
},
Name Description
right the global middleware right, which is enabled by default, only needs to configure parameters
type authorization type. here is function authorization
name function name

Check by API

src/module/test-party/backend/src/controller/test/function/public.js

// check right function
const pass = await this.ctx.meta.function.checkRightFunction({
  function: {
    module: 'test-party',
    name: 'testFunctionPublic',
  },
  user: userTom,
});
assert.equal(!!pass, true);