Function Authorization

Function authorization answers one question: who can access which backend functions.

One function can correspond to one or more API routes.

A menu is a special kind of function.

Authorization Ways

There are three ways of authorization: Artificial Authorization, Initial Authorization, and Test Authorization.

The API methods for initial authorization and test authorization are as follows:

addRoleFunction

a-base/backend/src/config/middleware/adapter/role.js

async addRoleFunction({ roleId, functionId, roleRightId = 0 })

| Name | Description |
|------|-------------|
| roleId | RoleId to be authorized |
| functionId | FunctionId |
| roleRightId | For an atom action menu, the authorization record of the atom action is saved here |

addRoleFunctionBatch

a-base/backend/src/config/middleware/adapter/role.js

// const roleFunctions = [
//   { roleName: 'root', name: 'listComment' },
// ];
async addRoleFunctionBatch({ module, roleFunctions })

| Name | Description |
|------|-------------|
| module | Module name. If it is empty, the current module name is used |
| roleFunctions | Array of authorization records |

For Example

src/suite-vendor/test-party/modules/test-party/backend/src/service/version.js

// roleFunctions
const roleFunctions = [
  { roleName: 'root', name: 'kitchenSink' },
];
await this.ctx.meta.role.addRoleFunctionBatch({ roleFunctions });

Menu of Atom Action

There are two special menu items, Create Atom and Atom List, whose permissions are associated with Atom Actions. For example, when the create and read action permissions are configured for party, the corresponding permissions for the Create Party and Party List menus are granted as well.

Authorization Checking

Authorization can be checked by middleware or by API.

Check by Middleware

CabloyJS encapsulates the authorization-checking logic in the global middleware right. You only need to configure the corresponding middleware parameters on the API route.

src/suite-vendor/test-party/modules/test-party/backend/src/routes.js

{ method: 'post', path: 'kitchen-sink/guide/echo9', controller: testKitchensinkGuide,
  meta: {
    right: {
      type: 'function',
      name: 'kitchenSink',
    },
  },
},

| Name | Description |
|------|-------------|
| right | The global middleware right. It is enabled by default, so only its parameters need to be configured |
| type | Authorization type. Here it is function authorization |
| name | Function name |
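
Because one function can correspond to several routes, reviewing function authorization means joining the route table against the grant records. The script below is an added example, not CabloyJS code and not from the original page: it performs that join in memory. The helper auditFunctionRights, every route other than kitchen-sink/guide/echo9, and the exportComment function are constructed for illustration, and all functions are assumed to belong to a single module.

```javascript
// Added example: an offline audit of route "right" metadata against grant records.
// It does not call CabloyJS; the sample data below is constructed.
const roleFunctions = [
  { roleName: 'root', name: 'kitchenSink' },
  { roleName: 'root', name: 'listComment' },
];

const routes = [
  { method: 'post', path: 'kitchen-sink/guide/echo9',
    meta: { right: { type: 'function', name: 'kitchenSink' } } },
  { method: 'post', path: 'kitchen-sink/guide/echo10', // constructed: second route, same function
    meta: { right: { type: 'function', name: 'kitchenSink' } } },
  { method: 'post', path: 'comment/export', // constructed: function that no role was granted
    meta: { right: { type: 'function', name: 'exportComment' } } },
  { method: 'get', path: 'status' }, // constructed: no function right configured
];

// Hypothetical helper: joins routes to grants and reports the gaps a reviewer should look at.
function auditFunctionRights(routes, roleFunctions) {
  const grants = new Map(); // function name -> Set of role names
  for (const { roleName, name } of roleFunctions) {
    if (!grants.has(name)) grants.set(name, new Set());
    grants.get(name).add(roleName);
  }
  const report = { byFunction: {}, ungranted: [], noFunctionRight: [], unusedGrants: [] };
  for (const route of routes) {
    const id = `${route.method.toUpperCase()} ${route.path}`;
    const right = route.meta && route.meta.right;
    if (!right || right.type !== 'function' || !right.name) {
      report.noFunctionRight.push(id); // needs manual review: not covered by a function check
      continue;
    }
    if (!report.byFunction[right.name]) {
      const roles = [...(grants.get(right.name) || [])].sort();
      report.byFunction[right.name] = { routes: [], roles };
      if (roles.length === 0) report.ungranted.push(right.name); // route exists, nobody authorized
    }
    report.byFunction[right.name].routes.push(id);
  }
  // Grants that no listed route references: stale records or a misspelled function name.
  report.unusedGrants = [...grants.keys()].filter(n => !report.byFunction[n]).sort();
  return report;
}

const report = auditFunctionRights(routes, roleFunctions);
console.log(JSON.stringify(report, null, 2));
```

The byFunction section shows, per function, every route it guards and every role that reaches those routes, which is the view needed when deciding whether a new grant exposes more endpoints than intended.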

Check by API

src/suite-vendor/test-party/modules/test-party/backend/src/controller/test/function/public.js

// check right function
const pass = await this.ctx.meta.function.checkRightFunction({
  function: {
    module: 'test-party',
    name: 'testFunctionPublic',
  },
  user: userTom,
});
assert.equal(!!pass, true);