Add more information to the logical models
parent
044d2c4bcc
commit
a228ade1b1
|
@ -1,17 +1,32 @@
|
||||||
// Schema ACL options
|
/**
|
||||||
|
Schema ACL options
|
||||||
|
|
||||||
|
Object level permissions, for example, an album owned by a user
|
||||||
|
|
||||||
// Object level permissions
|
Factors to be authorized against:
|
||||||
|
|
||||||
// open: no protection
|
* model name: Album
|
||||||
// none: always rejected
|
* model instance properties: userId of the album, friends, shared
|
||||||
// owner: only the owner
|
* methods
|
||||||
// loggedIn: any logged in user
|
* app and/or user ids/roles
|
||||||
// roles: logged in users with the roles
|
** loggedIn
|
||||||
// related: owner of the related objects
|
** roles
|
||||||
|
** userId
|
||||||
|
** appId
|
||||||
|
** none
|
||||||
|
** everyone
|
||||||
|
** relations: owner/friend/granted
|
||||||
|
|
||||||
// Class level permissions
|
Class level permissions, for example, Album
|
||||||
|
* model name: Album
|
||||||
|
* methods
|
||||||
|
|
||||||
// scopes
|
URL/Route level permissions
|
||||||
|
* url pattern
|
||||||
|
* application id
|
||||||
|
* ip addresses
|
||||||
|
* http headers
|
||||||
|
|
||||||
// URL level permissions
|
Map to oAuth 2.0 scopes
|
||||||
|
|
||||||
|
*/
|
|
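Review bot: The rewritten comment block lists `none` and `everyone` among the app/user factors but no longer defines them, whereas the removed lines spelled out `none: always rejected` and `open: no protection`. It also does not say what happens when no object, class or URL rule matches a request, which is the first thing an implementer of the check needs to know. I would keep one-line definitions for each principal and add an explicit default, for example `Default: a request that matches no ACL entry is denied` if that is the intent. The precedence between the three levels (object, class, URL/route) is not stated either and deserves a sentence.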
@ -2,9 +2,9 @@
|
||||||
var RoleSchema = {
|
var RoleSchema = {
|
||||||
id: {type: String, required: true},
|
id: {type: String, required: true},
|
||||||
name: {type: String, required: true},
|
name: {type: String, required: true},
|
||||||
roles: [String],
|
roles: [String], // A role can be an aggregate of other roles
|
||||||
users: [String],
|
users: [String], // A role contains a list of users
|
||||||
acl: [],
|
acls: [],
|
||||||
|
|
||||||
created: Date,
|
created: Date,
|
||||||
lastUpdated: Date
|
lastUpdated: Date
|
||||||
|
|
|
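Review bot: `acls: []` is the only list in this hunk left untyped and without a comment, although it carries the role's access rules; `roles` and `users` are `[String]` and are now documented. A comment naming the expected entry shape would help, e.g. `acls: [], // ACL entries granted to this role`. The rename from `acl` also means any reader still using `role.acl` gets `undefined`, so it is worth confirming that no enforcement path treats a missing list as unrestricted. The end of `RoleSchema` lies outside the hunk.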
@ -1,11 +1,21 @@
|
||||||
// User model
|
// User model
|
||||||
var UserSchema = {
|
var UserSchema = {
|
||||||
id: {type: String, required: true},
|
id: {type: String, required: true},
|
||||||
|
realm: {type: String},
|
||||||
username: {type: String, required: true},
|
username: {type: String, required: true},
|
||||||
password: String,
|
password: {type: String, transient: true}, // Transient property
|
||||||
authData: [],
|
hash: {type: String}, // Hash code calculated from sha256(realm, username, password, salt, macKey)
|
||||||
|
salt: {type: String},
|
||||||
|
macKey: {type: String}, // HMAC to calculate the hash code
|
||||||
email: String,
|
email: String,
|
||||||
emailVerified: Boolean,
|
emailVerified: Boolean,
|
||||||
|
credentials: [
|
||||||
|
'UserCredential' // User credentials, private or public, such as private/public keys, Kerberos tickets, oAuth tokens, facebook, google, github ids
|
||||||
|
],
|
||||||
|
challenges: [
|
||||||
|
'Challenge' // Security questions/answers
|
||||||
|
],
|
||||||
|
status: String,
|
||||||
created: Date,
|
created: Date,
|
||||||
lastUpdated: Date
|
lastUpdated: Date
|
||||||
}
|
}
|
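Review bot: The comment on `hash` describes a single `sha256(realm, username, password, salt, macKey)`, which is a fast digest and a weak basis for stored passwords; a deliberately slow KDF (PBKDF2, scrypt or bcrypt) is the usual choice, with the algorithm and cost stored next to the hash so they can be raised later. `macKey` sits in the same record as `hash` and `salt`, so whoever obtains the record obtains the key too, and its comment (`// HMAC to calculate the hash code`) disagrees with the plain sha256 described on the `hash` line; the comments should state which construction is meant, e.g. `hash: {type: String}, // slow KDF over the password, per-user salt`. Nothing visible here shows how `transient: true` on `password` is enforced, so a comment saying that the clear-text value is never persisted or serialized would pin the contract. The answers under `challenges` and the secrets under `credentials` are password-equivalent, and the schema should note that they are stored hashed or encrypted and excluded from user objects returned to clients.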