express-acl

Identity Based Access Control

Open HenriqueSilverio opened this issue 5 years ago • 3 comments

As mentioned here:

Typical example: users can edit their own comments but can only read other users' comments. So having a role that either grants or denies edit permissions to the resource comment/edit is not good enough. The permission depends on which comment the user is accessing.

Other example here:

Let me give you an example based on a blogging platform where a writer can create a blog post and then open it up for editing — should the writer role also allow to rewrite every post in the system? Probably not. We need to first check if they are the owner of the post.

Is there a way to achieve that?

HenriqueSilverio Jun 27 '19 20:06
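The ownership check described in the two quoted passages above, as an added example that is not part of the original thread and does not use express-acl's own API: a role policy whose `edit` rule is scoped to `own`, enforced by Express-style `(req, res, next)` middleware. The names `rolePolicy`, `decide`, `authorize` and the `authorId` field are assumptions, and the comment store is constructed sample data.

```javascript
// Constructed sample data standing in for a database (hypothetical schema).
const comments = new Map([
  ['c1', { id: 'c1', authorId: 'u1', body: 'first' }],
  ['c2', { id: 'c2', authorId: 'u2', body: 'second' }],
]);

// Role rules per resource type. 'any' = every resource of that type,
// 'own' = only resources whose authorId matches the requesting user.
const rolePolicy = {
  user:  { comment: { read: 'any', edit: 'own' } },
  admin: { comment: { read: 'any', edit: 'any' } },
};

// Pure decision function: role rule first, then the per-resource owner check.
function decide(user, resourceType, action, resource) {
  const scope = rolePolicy[user?.role]?.[resourceType]?.[action];
  if (scope === 'any') return true;
  if (scope === 'own') {
    // Require a real user id so two missing ids never compare as equal.
    return user.id != null && resource != null && resource.authorId === user.id;
  }
  return false; // unknown role, resource type or action: default deny
}

// Middleware factory with the Express (req, res, next) shape.
// loadResource(req) is supplied by the caller and returns the target object.
function authorize(resourceType, action, loadResource) {
  return async function (req, res, next) {
    try {
      if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
      const resource = await loadResource(req);
      if (!resource) return res.status(404).json({ error: 'not found' });
      if (!decide(req.user, resourceType, action, resource)) {
        return res.status(403).json({ error: 'forbidden' });
      }
      req.resource = resource; // handler reuses the object that was authorized
      return next();
    } catch (err) {
      return next(err);
    }
  };
}
```

The owner id is read from the loaded record, never from the request body, so a client cannot claim ownership by sending its own `authorId`.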

Any news? I also have the challenge to check if the user is also the author.

tguelcan Jun 10 '20 11:06

Currently I found some alternatives:

HenriqueSilverio Jun 10 '20 22:06

We have developed our own stack (restexpress.dev) and have expanded the existing express-acl. I hope it can help you!

https://restexpress.dev/#/src/services/express/README

tguelcan Jul 05 '20 22:07