totaljs/modules

Using `@` flag for roles...

originalfoo opened this issue · 1 comments

originalfoo commented

I'm going to update the auth module readme.md to take account for roles now being done via the @ flags rather than ! flags. However, I just wanted to check - should the roles of a user be defined in the user object or somewhere else?

My guess is that it works like this:

F.onAuthorize = function( id, callback, flags ) {
   // get user associated with id

  var user = { id: result.id, name: result.name, roles: result.roles }
  callback( true, user );
}

Where roles would be a string array, eg. ['admin','moderator']

When routes require a role, use flags, eg:

F.route( '/some/path/', handlerFn, ['@admin'] );

Then the framework will handle the rest?

What if a route has multiple roles? eg. ['@admin','@moderator'] - if the user only has one role admin, will they be allowed to use a route that lists multiple roles, or would used need to have all those roles to use that route?

petersirka commented

This problem has been fixed.