
Custom actions and filtering in the template

Open coaperator opened this issue 4 years ago • 3 comments

Hello! I use express, passport and the ejs template engine in my application.

  1. The documentation describes CRUD actions, but I need to create my own operations, such as shuffling a post, splitting a post, showing a download button, allowing downloading, etc. How can I do this?

  2. How can I check access to several (for example 10) functions in a template? For example, I need to display a list of links for administering publications, such as creating, editing, moving, deleting, etc. My template:

<ul>
	<li>Create</li>
	<li>Edit</li>
	<li>Move</li>
	<li>Delete</li>
</ul>

Do I understand correctly that if I need to check when and why to display this or that link, I will have to write such a check?

<%# can(...).updateAny(...) returns a Permission object, which is always truthy; test its .granted flag %>
<% if(ac.can('admin').updateAny('postView').granted) { %>
<ul>
	<% if(ac.can('admin').updateAny('postCreate').granted) { %>
	<li>Create</li>
	<% } %>

	<% if(ac.can('admin').updateAny('postEdit').granted) { %>
	<li>Edit</li>
	<% } %>

	<% if(ac.can('admin').updateAny('postMove').granted) { %>
	<li>Move</li>
	<% } %>

	<% if(ac.can('admin').updateAny('postDelete').granted) { %>
	<li>Delete</li>
	<% } %>
</ul>
<% } %>

And if I have 10 conditions (I have 10 roles: User, Editor, Admin, Moderator, etc.), will I have to write all of them into the IF condition?

coaperator, Jun 14 '20 08:06

Did you figure it out?

nitishmakhija, Jan 15 '21 10:01

Did you figure it out?

no

coaperator, Jan 15 '21 22:01

You should never hard-code the role like that. This will never restrict the data. "admin" can always do those actions to those resources (in your context). But is the current user an admin?

You should ask: "can the current user's role(s) do that?"

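<%# The query returns a Permission object (always truthy); .granted is the boolean result %>
<% if (ac.can(currentUser.roles).update('postView').granted) { %>
<ul>
    <!-- Allowed content  -->
</ul>
<% } %>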

About your other question: AC currently supports CRUD actions only, which virtually covers any action that could be applied to a resource (similar to the REST methodology). You just need to decide what the resource is, in your application's context.

You can read the F.A.Q. for more insight into what I mean. But in the future, I plan to enable custom actions.

onury, Jan 16 '21 22:01
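The two points from the thread combined, as an added example that is not part of the issue or of the accesscontrol project: custom operations are expressed as CRUD actions on narrower resources, and the menu is filtered once against the current user's roles instead of writing one `if` per link. The grants table, the resource names `postLocation` and `postFile`, and the helpers `isGranted`, `visibleMenu` and `requireGrant` are constructed for illustration; the table stands in for the library so the block runs without dependencies.

```javascript
// Constructed grants (assumption): role -> resource -> allowed CRUD actions.
// Custom operations become CRUD on a narrower resource, e.g.
// "move a post" = update on 'postLocation', "download" = read on 'postFile'.
const GRANTS = {
  user:      { post: ['read'] },
  editor:    { post: ['read', 'create', 'update'], postFile: ['read'] },
  moderator: { post: ['read', 'update'], postLocation: ['update'] },
  admin:     { post: ['read', 'create', 'update', 'delete'],
               postLocation: ['update'], postFile: ['read'] },
};

// One row per link replaces one hand-written `if` per link in the template.
const POST_MENU = [
  { label: 'Create',   action: 'create', resource: 'post' },
  { label: 'Edit',     action: 'update', resource: 'post' },
  { label: 'Move',     action: 'update', resource: 'postLocation' },
  { label: 'Delete',   action: 'delete', resource: 'post' },
  { label: 'Download', action: 'read',   resource: 'postFile' },
];

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// True only if at least one of the user's roles grants the action.
// Unknown roles and resources are denied (fail closed), and the result is a
// real boolean, never a truthy object.
function isGranted(roles, action, resource) {
  return [].concat(roles || []).some((role) => {
    const resources = own(GRANTS, role) ? GRANTS[role] : {};
    const actions = own(resources, resource) ? resources[resource] : [];
    return actions.includes(action);
  });
}

// Called in the route handler; the template only loops over the labels.
function visibleMenu(currentUser, menu = POST_MENU) {
  const roles = currentUser && currentUser.roles;
  return menu.filter((item) => isGranted(roles, item.action, item.resource))
             .map((item) => item.label);
}

// Hiding a link is presentation only: each route behind these links must
// repeat the same check before acting (Express-style middleware).
function requireGrant(action, resource) {
  return (req, res, next) =>
    isGranted(req.user && req.user.roles, action, resource)
      ? next()
      : res.status(403).send('Forbidden');
}
```

In the route, pass `visibleMenu(req.user)` to `res.render` and let the EJS template loop over the labels; guard the matching routes with `requireGrant`.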