Function Authorization
Function authorization
mainly solves such problems: who
can access which functions
of backend
One
function
can correspond to one or moreAPI routes
Menu
is a specialfunction
Authorization Ways
There are three ways of authorization: Artificial Authorization
, Initial Authorization
, Test Authorization
The API methods for initial authorization
and test authorization
are as follows:
addRoleFunction
a-base/backend/src/config/middleware/adapter/role.js
async addRoleFunction({ roleId, functionId, roleRightId = 0 })
Name | Description |
---|---|
roleId | RoleId to be authorized |
functionId | FunctionId |
roleRightId | If it is atom action menu , the authorization record of the atom action is saved here |
addRoleFunctionBatch
a-base/backend/src/config/middleware/adapter/role.js
// const roleFunctions = [
// { roleName: 'root', name: 'listComment' },
// ];
async addRoleFunctionBatch({ module, roleFunctions })
Name | Description |
---|---|
module | module name. If it is empty, the current module name will be used |
roleFunctions | array of authorization records |
For Example
src/suite-vendor/test-party/modules/test-party/backend/src/service/version.js
// roleFunctions
const roleFunctions = [
{ roleName: 'root', name: 'kitchenSink' },
];
await this.ctx.meta.role.addRoleFunctionBatch({ roleFunctions });
Menu of Atom Action
There are two special menu items: Create Atom
and Atom List
, whose permissions are associated with Atom Actions
. For example, when we configure the actions permissions of create
and read
for party
, then we have corresponding permissions for the menus of Create Party
and Party List
Authorization Checking
Authorization can be checked by middleware
or API
Check by Middleware
CabloyJS uses the global middleware right
to encapsulate the logic of authorization checking. It only needs to configure the corresponding middleware parameters on the API route
src/suite-vendor/test-party/modules/test-party/backend/src/routes.js
{ method: 'post', path: 'kitchen-sink/guide/echo9', controller: testKitchensinkGuide,
meta: {
right: {
type: 'function',
name: 'kitchenSink',
},
},
},
Name | Description |
---|---|
right | the global middleware right , which is enabled by default, only needs to configure parameters |
type | authorization type. here is function authorization |
name | function name |
Check by API
src/suite-vendor/test-party/modules/test-party/backend/src/controller/test/function/public.js
// check right function
const pass = await this.ctx.meta.function.checkRightFunction({
function: {
module: 'test-party',
name: 'testFunctionPublic',
},
user: userTom,
});
assert.equal(!!pass, true);
Comments: