如何为不同用户

时间:2017-12-06 07:02:25

标签: json node.js

permission.json



"appUser": {
        "user": {
            "read": true,
            "write": false
        },
        "packages": {
            "read": true,
            "write": false
        },
        "user_package": {
            "read": true,
            "write": false
        },
        "roles": {
            "read": true,
            "write": false
        },
        "user_detail": {
            "read": true,
            "write": false
        },
        "role_mapping": {
            "read": true,
            "write": false
        },
        "guide": {
            "read": true,
            "write": false
        },
        "guide_categories": {
            "read": true,
            "write": false
        },
        "follow_guides": {
            "read": true,
            "write": false
        },
        "pin": {
            "read": true,
            "write": false
        },
        "fav_pins": {
            "read": true,
            "write": false
        },
        "pin_guides": {
            "read": true,
            "write": false
        },
        "pin_media": {
            "read": true,
            "write": false
        },
        "category": {
            "read": true,
            "write": false
        },
        "pin_categories": {
            "read": true,
            "write": false
        },
        "company_details": {
            "read": true,
            "write": false
        },
        "person_details": {
            "read": true,
            "write": false
        },
        "interview": {
            "read": true,
            "write": false
        },
        "guide_media": {
            "read": true,
            "write": false
        },
        "thread": {
            "read": true,
            "write": false
        },
        "tutorial": {
            "read": true,
            "write": false
        },
        "comments": {
            "read": true,
            "write": false
        }
    }




auth.js



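/**
 * Express middleware that authenticates the caller by the `token` header and
 * then authorizes the request against the role/table permission matrix.
 *
 * The table being accessed is taken from the `function` query parameter.
 * GET and HEAD requests require the table's "read" flag; every other HTTP
 * method requires "write". Access is granted when at least one of the user's
 * roles has that flag set to exactly `true`. Anything missing or malformed
 * (unknown role, unknown table, non-string table name) is denied.
 *
 * Relies on `db` and `permission` being in scope in this module.
 *
 * @param {object} req - Express request; reads req.query.function, req.headers.token, req.method.
 * @param {object} res - Express response; receives 401 / 404 / 403 on rejection.
 * @param {function} next - Called with no arguments on success, or with the DB error.
 */
function verifyToken(req, res, next) {
    var table = req.query.function; // client-supplied, so treated as untrusted
    var token = req.headers['token'];
    if (!token) {
        return res.status(401).send({
            status: 401,
            data: 'No token provided.'
        });
    }

    // Only safe methods are satisfied by "read"; a read grant must never authorize a write.
    var action = (req.method === 'GET' || req.method === 'HEAD') ? 'read' : 'write';

    // Own-property test so inherited keys such as "__proto__" or "constructor"
    // can never be mistaken for a role or a table.
    function owns(obj, key) {
        return Object.prototype.hasOwnProperty.call(obj, key);
    }

    // True only when the permission matrix explicitly grants `action` on `table` to the role.
    function roleAllows(roleName) {
        if (typeof table !== 'string' || typeof roleName !== 'string') return false;
        if (!owns(permission, roleName)) return false;
        var tables = permission[roleName];
        if (!tables || !owns(tables, table)) return false;
        var flags = tables[table];
        return !!flags && owns(flags, action) && flags[action] === true;
    }

    // NOTE(review): the header value is matched directly against users.token, so the
    // column holds the same secret the client sends; consider storing only a hash of it.
    db.query('SELECT * FROM users WHERE token = $1', [token], function(err, data) {
        if (err) return next(err);

        // Reject unknown tokens before data.rows[0] is dereferenced below.
        // 404 is kept for existing clients; 401 would be the conventional status.
        if (data.rows.length === 0) {
            return res.status(404).send({
                status: 404,
                data: 'Failed to authenticate token.'
            });
        }

        db.query('SELECT role_name FROM roles r inner join role_mapping rm on r._id = rm.role_id WHERE rm.user_id = $1', [data.rows[0]._id], function(err, result) {
            if (err) return next(err);

            // A user with no role rows matches nothing and is denied.
            var allowed = result.rows.some(function(row) {
                return roleAllows(row.role_name);
            });
            if (!allowed) {
                return res.status(403).send({
                    status: 403,
                    data: 'Permission denied.'
                });
            }
            next();
        });
    });
}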




我正在尝试检查用户的权限。我已经通过 for(i in permission) { if(i == result.rows[0].role_name) 找到了该用户的角色(appUser)。

我正在传递user,packages,user_packages etc作为查询参数,但我的问题是如何让用户对此表具有read权限? 我有admin,appUser和businessUser作为角色。我想为这三个用户提供不同的权限。

1 个答案:

答案 0 :(得分:1)

您还需要遍历每个表的属性(即遍历其中的 read / write 节点)。

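// For every role in the permission matrix, report whether it may "read" the
// table named in the query string. This snippet only logs the result; an
// actual access check has to look up the authenticated user's own role and
// reject the request whenever the flag is not true.
var table = req.query.your_query_name_of_table; // client-supplied: treat as untrusted
var owns = Object.prototype.hasOwnProperty;

for (var role in permission) { // each role (admin, appUser, businessUser, ...)
  var tables = permission[role]; // table permission matrix of this role

  // Direct own-property lookups replace the inner scans and ignore inherited
  // keys such as "__proto__".
  if (!owns.call(tables, table)) continue;
  var flags = tables[table];
  if (!owns.call(flags, "read")) continue; // only the read permission is checked here

  if (flags.read) { // the stored value is a boolean
    console.log(role + " have permission to " + "read" + " on " + table);
  } else {
    console.log(role + " dont have permission " + "read" + " on " + table);
  }
}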

输出:

  

appUser have permission to read on user


或者,如果 read 为 false:

输出:

  

appUser dont have permission read on user