/**
Schema ACL options
Object level permissions, for example, an album owned by a user
Factors to be authorized against:
* model name: Album
* model instance properties: userId of the album, friends, shared
* methods
* app and/or user ids/roles
** loggedIn
** roles
** userId
** appId
** none
** everyone
** relations: owner/friend/granted
Class level permissions, for example, Album
* model name: Album
* methods
// blog posts
allow: ['owner', 'admin'] to: '*' // allow owners of posts and admins to do anything
allow: '*' to: ['find', 'read'] // allow everyone to read and find
// comments
allow: '*' to: ['find', 'read'] // read aka findById
allow: 'user' to: ['create']
allow: ['owner', 'admin'] to: '*'
// users only section
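allow: '*' to: ['find', 'read', 'create'] // '*' is everyone (presumably including callers who are not logged in), so find/read here makes user records readable by anyone; confirm which properties are returned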
allow: 'owner' to: ['*.destroy', '*.save']
// scopes
// URL level permissions
*/