Wednesday, 4 February 2015

keystone more deeper -- authorization (role control of admin-ui on tables)


After you have supper admin functionality in your keystonejs. You may need to limit users accessing of different tables. for example, only managers can manage products.

I have a commit for this:

https://github.com/wangpingsx/keystone_supperAdmin/tree/b47122f7cc05351a26c15aeeb9e6f78d922b616f

1. you should create two more test models:

https://github.com/wangpingsx/keystone_supperAdmin/tree/b47122f7cc05351a26c15aeeb9e6f78d922b616f/models

testObj and xxObj are test models, nothing special.

User.js, I added a new column for roles:  roles:{ type: Types.TextArray, label: 'Roles (do not use empty string please!)' }

You also need to set these two new objects in keystone.js.

2. add a middleware in middleware.js:

exports.initMyAuthorization = function(req, res, next) {...


  • The main switcher is "useMyAuthorization" I can put it into keystone.js. As a simple project I just want to make it simple.



  • "managePathOrItem" can manage the authorization is on the list or item. 


    1. "true" for list, which means unauthorized user can not see the list view of the target object.
    2. "false" for item, which mean unauthorized users still can see the list view, but not able to click to see detail page, no need to mention to change it.


  • you can use "rules" to setup your authorization checking rules:
var rules = [
{path:"XxObj",roles:['aa']},
{path:"testobjpath",roles:['cc','xx','zz']}
];


    "path" is the path of your model object. The path your used for register your model in keystone.js.
    "roles" are authorized roles.


3. register your new middleware:

https://github.com/wangpingsx/keystone_supperAdmin/blob/b47122f7cc05351a26c15aeeb9e6f78d922b616f/routes/index.js


keystone.pre('routes', middleware.initErrorHandlers);
keystone.pre('routes', middleware.initLocals);
keystone.pre('routes', middleware.initMyAuthorization);
keystone.pre('routes', middleware.initSupperAdminChecking);

Make sure you use the right sequence of middlewares.








































No comments:

Post a comment