Rules of Authorization
- At present, only two types of resource authorization are provided:
Atom
andFunction
, which can fully meet the needs of actual business development - Only
leaf role
can adduser
. Users naturally have all the authorizations of their roles Leaf role
anduser
are many to many relationships- With the
whitelist policy
, the authorization of all roles must be set explicitly (superuser
is no exception)
Authorization Inheritance Mechanism
There are two inheritance mechanisms for role authorization in CabloyJS:
1. Inheritance Vertically
Child roles automatically inherit the authorization of all parent roles
2. Aggregate Horizontally
A role can aggregate another role to have authorization for that role. For example, if the role superuser
aggregates the role system
, then the role superuser
will automatically have the authorization of the role system
Role Template
:The feature ofrole template
also called aspredefined role
can be realized through the aggregation mechanism. A set of permissions can be assigned to the predefined roles, so that other roles can be authorized quickly in actual use
Authorization Ways
There are three ways of authorization:
Artificial Authorization
If certain permissions can only be determined at actual deployment or runtime, authorization operations can be performed through the management pages
Initial Authorization
If need to initialize permissions while the system is starting, can assign permissions through the backend API route version/init
. For example, assign permissions to the template role of system
The
initial authorization
is valid in thetest environment
,development environment
andproduction environment
Test Authorization
In order to facilitate testing and development, permissions can also be initialized through the backend API route version/test
in the development stage
. For example, assign permissions to certain test roles
The
initial authorization
is only valid in thetest environment
anddevelopment environment
Comments: