nyambati/express-acl

Can rules be cascaded?

Closed this issue · 2 comments

Is it possible to have cascading rules on the same resource?
Like having a rule that explicitly denies all methods, then other rules that explicitly allow a few. This would mean that the same method has multiple rules defined for it but the system can resolve the one that has final effect, maybe through priorities, ordering, etc.

By default, this module asserts an explicit deny on all routes. You can have the same effect by specifying the methods with action allow, and it will deny all other unspecified methods. Cascading rules sounds like a good idea, but I feel it will add complexity, but I will look into it. Please read the wiki on how to write ACL rules; by understanding the principle of negation, I am certain you will achieve the same effect.

Yeah I read the wiki and the logic behind your implementation. I guess I'm used to the Loopback way of dealing with ACL where I started by explicitly denying all permissions for everyone then go on to allow the ones I want. It could be an added feature on top of what it already does, for those of us who tend to be a bit paranoid. But I guess it's not urgent.
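The two models discussed in this thread, side by side, as an added example that is not part of the original issue and is not express-acl's code. The rule shape (`resource`, `methods`, `action`), the function names and the sample resources are assumptions made for illustration. It shows that "deny everything, then allow a few" with last-match-wins ordering yields the same decisions as an implicit default deny plus an allow list, and that a cascade becomes order-sensitive.

```javascript
// Added illustration; NOT express-acl's code or rule format.
// Rule shape {resource, methods, action} is an assumption for this example.
const METHODS = ['GET', 'POST', 'PUT', 'DELETE'];

function matches(rule, resource, method) {
  const resourceOk = rule.resource === '*' || rule.resource === resource;
  const methodOk = rule.methods === '*' || rule.methods.includes(method);
  return resourceOk && methodOk;
}

// Model A: implicit default deny. Only allow rules are listed;
// anything that matches no allow rule is denied.
function decideDefaultDeny(rules, resource, method) {
  const allowed = rules.some(
    (r) => r.action === 'allow' && matches(r, resource, method));
  return allowed ? 'allow' : 'deny';
}

// Model B: cascaded rules. Rules are read in order and the last
// matching rule wins; a request that matches nothing fails closed.
function decideCascade(rules, resource, method) {
  let decision = 'deny';
  for (const r of rules) {
    if (matches(r, resource, method)) decision = r.action;
  }
  return decision;
}

// Constructed sample policies expressing the same intent in both models.
const allowList = [
  { resource: 'users', methods: ['GET', 'POST'], action: 'allow' },
];
const cascaded = [
  { resource: '*', methods: '*', action: 'deny' },
  { resource: 'users', methods: ['GET', 'POST'], action: 'allow' },
];
// Same cascade with the deny-all moved last: it now overrides every allow.
const misordered = [...cascaded].reverse();

// Returns every (resource, method) pair on which the two models disagree.
function disagreements(resources) {
  return resources.flatMap((resource) => METHODS
    .filter((m) => decideDefaultDeny(allowList, resource, m) !==
                   decideCascade(cascaded, resource, m))
    .map((m) => `${resource} ${m}`));
}

console.log('disagreements:', disagreements(['users', 'orders']));
console.log('misordered GET users:', decideCascade(misordered, 'users', 'GET'));
```

With last-match-wins, a broad deny placed after the specific allows silently locks everything out; under first-match-wins the hazard is mirrored, which is the kind of added complexity a cascade brings.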