nyambati/express-acl

Identity Based Access Control

Opened this issue · 3 comments

As mentioned here:

Typical example: users can edit their own comments but can only read other users' comments. So having a role that either grants or denies edit permissions to the resource comment/edit is not good enough. The permission depends on which comment the user is accessing.

Other example here:

Let me give you an example based on a blogging platform where a writer can create a blog post and then open it up for editing — should the writer role also allow them to rewrite every post in the system? Probably not. We need to first check if they are the owner of the post.

Is there a way to achieve that?
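The ownership case described in the post above, sketched as an added example that is not part of the original thread and is not express-acl's API: a role rule decides whether the action is allowed at all, and an `own` scope additionally compares the resource owner with the caller. The names `rules`, `canAccess`, `authorize`, `editComment` and the sample data are hypothetical.

```javascript
// Added example; rules, canAccess, authorize and the sample data are hypothetical.
// Each rule maps role:resource:action to a scope: 'any' or 'own'.
const rules = new Map([
  ['user:comment:read', 'any'],
  ['user:comment:edit', 'own'], // the case from the issue: edit only your own
  ['admin:comment:read', 'any'],
  ['admin:comment:edit', 'any'],
]);

// Constructed sample data standing in for a database.
const comments = new Map([
  ['c1', { id: 'c1', ownerId: 'alice', text: 'first' }],
  ['c2', { id: 'c2', ownerId: 'bob', text: 'second' }],
]);

// The role decides whether the action is possible at all; 'own' additionally
// requires that the resource belongs to the caller. Anything else is denied.
function canAccess(user, type, action, resource) {
  if (!user || typeof user.id !== 'string') return false;
  const scope = rules.get(`${user.role}:${type}:${action}`);
  if (scope === 'any') return true;
  if (scope === 'own') return Boolean(resource) && resource.ownerId === user.id;
  return false;
}

// Express-style middleware factory: load the resource named in the route,
// then run the combined check before the handler sees the request.
function authorize(type, action, load) {
  return async function (req, res, next) {
    try {
      const resource = await load(req.params.id);
      if (!resource) return res.status(404).json({ error: 'not found' });
      if (!canAccess(req.user, type, action, resource)) {
        return res.status(403).json({ error: 'forbidden' });
      }
      req.resource = resource; // handler reuses the already-checked object
      return next();
    } catch (err) {
      return next(err);
    }
  };
}

// Guard for a route such as PUT /comments/:id (route path is an assumption).
const editComment = authorize('comment', 'edit', async (id) => comments.get(id));
```

The check is only sound if `req.user` is set by the authentication layer from the session or token, and the owner is read from the stored resource rather than from the request body.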

Any news? I also have the challenge to check if the user is also the author.

Currently I found some alternatives:

We have developed our own stack (restexpress.dev) and have expanded the existing express-acl. I hope it can help you!

https://restexpress.dev/#/src/services/express/README