Rules of Authorization
- At present, only two types of resource authorization are provided:
AtomandFunction, which can fully meet the needs of actual business development - Only
leaf rolecan adduser. Users naturally have all the authorizations of their roles Leaf roleanduserare many to many relationships- With the
whitelist policy, the authorization of all roles must be set explicitly (superuseris no exception)
Authorization Inheritance Mechanism
There are two inheritance mechanisms for role authorization in CabloyJS:
1. Inheritance Vertically
Child roles automatically inherit the authorization of all parent roles
2. Aggregate Horizontally
A role can aggregate another role to have authorization for that role. For example, if the role superuser aggregates the role system, then the role superuser will automatically have the authorization of the role system
Role Template:The feature ofrole templatealso called aspredefined rolecan be realized through the aggregation mechanism. A set of permissions can be assigned to the predefined roles, so that other roles can be authorized quickly in actual use
Authorization Ways
There are three ways of authorization:
Artificial Authorization
If certain permissions can only be determined at actual deployment or runtime, authorization operations can be performed through the management pages
Initial Authorization
If need to initialize permissions while the system is starting, can assign permissions through the backend API route version/init. For example, assign permissions to the template role of system
The
initial authorizationis valid in thetest environment,development environmentandproduction environment
Test Authorization
In order to facilitate testing and development, permissions can also be initialized through the backend API route version/test in the development stage. For example, assign permissions to certain test roles
The
initial authorizationis only valid in thetest environmentanddevelopment environment
Comments: