Add more information to the logical models
parent
044d2c4bcc
commit
a228ade1b1
|
@ -1,17 +1,32 @@
|
|||
// Schema ACL options
|
||||
/**
|
||||
Schema ACL options
|
||||
|
||||
Object level permissions, for example, an album owned by a user
|
||||
|
||||
// Object level permissions
|
||||
Factors to be authorized against:
|
||||
|
||||
// open: no protection
|
||||
// none: always rejected
|
||||
// owner: only the owner
|
||||
// loggedIn: any logged in user
|
||||
// roles: logged in users with the roles
|
||||
// related: owner of the related objects
|
||||
* model name: Album
|
||||
* model instance properties: userId of the album, friends, shared
|
||||
* methods
|
||||
* app and/or user ids/roles
|
||||
** loggedIn
|
||||
** roles
|
||||
** userId
|
||||
** appId
|
||||
** none
|
||||
** everyone
|
||||
** relations: owner/friend/granted
|
||||
|
||||
// Class level permissions
|
||||
Class level permissions, for example, Album
|
||||
* model name: Album
|
||||
* methods
|
||||
|
||||
// scopes
|
||||
URL/Route level permissions
|
||||
* url pattern
|
||||
* application id
|
||||
* ip addresses
|
||||
* http headers
|
||||
|
||||
// URL level permissions
|
||||
Map to oAuth 2.0 scopes
|
||||
|
||||
*/
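Review bot: The new doc block names `none` and `everyone` among the factors but does not define either, and it never says what happens when no ACL entry matches a request. The page has lost its +/- markers, so the sides are inferred from the hunk counts, but the earlier one-line definitions such as "none: always rejected" appear to be on the removed side. For an authorization model the default and the precedence between the object, class and URL levels are what implementers most need written down. Consider adding a line such as `Default: access is denied unless an ACL entry explicitly grants it` and a sentence on how the three levels combine, if that is the intended rule. A one-line meaning for each principal keyword would also restore what the old comments stated.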
|
|
@ -2,9 +2,9 @@
|
|||
var RoleSchema = {
|
||||
id: {type: String, required: true},
|
||||
name: {type: String, required: true},
|
||||
roles: [String],
|
||||
users: [String],
|
||||
acl: [],
|
||||
roles: [String], // A role can be an aggregate of other roles
|
||||
users: [String], // A role contains a list of users
|
||||
acls: [],
|
||||
|
||||
created: Date,
|
||||
lastUpdated: Date
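Review bot: The property that carries the role's access rules is renamed from `acl` to `acls`, and it stays an untyped `[]` while `roles` and `users` are declared `[String]`. Any code outside this hunk that still reads `acl` would get `undefined`, and an authorization check that treats a missing list as "no restrictions" would then fail open. It is worth confirming that every reader was updated and that an absent list is treated as deny. A comment on the field would help, for example `acls: [], // ACL entries granted to this role; empty or missing grants nothing`. The RoleSchema literal continues past the end of this hunk.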
|
||||
|
|
|
@ -1,11 +1,21 @@
|
|||
// User model
|
||||
var UserSchema = {
|
||||
id: {type: String, required: true},
|
||||
realm: {type: String},
|
||||
username: {type: String, required: true},
|
||||
password: String,
|
||||
authData: [],
|
||||
password: {type: String, transient: true}, // Transient property
|
||||
hash: {type: String}, // Hash code calculated from sha256(realm, username, password, salt, macKey)
|
||||
salt: {type: String},
|
||||
macKey: {type: String}, // HMAC to calculate the hash code
|
||||
email: String,
|
||||
emailVerified: Boolean,
|
||||
credentials: [
|
||||
'UserCredential' // User credentials, private or public, such as private/public keys, Kerberos tickets, oAuth tokens, facebook, google, github ids
|
||||
],
|
||||
challenges: [
|
||||
'Challenge' // Security questions/answers
|
||||
],
|
||||
status: String,
|
||||
created: Date,
|
||||
lastUpdated: Date
|
||||
}
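Review bot: The comment on `hash` describes the stored password verifier as `sha256(realm, username, password, salt, macKey)`, which is a single fast hash. With `salt` and `macKey` stored on the same record, a leaked user table allows cheap offline guessing, because the per-user key adds nothing that the salt does not already provide. The model should instead document a slow, salted password KDF, for example `hash: {type: String}, // Password verifier from bcrypt, scrypt or PBKDF2 with a per-user salt`. Any HMAC key should be held outside the user record. The `challenges` comment should likewise say that security answers are stored hashed, and `hash`, `salt` and `macKey` should be marked as never serialized to clients, in the same way that `password` is marked transient.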
|