Add more comments

This commit is contained in:
Raymond Feng 2014-03-19 16:24:50 -07:00
parent 328a72ac91
commit aaaa28d569
1 changed files with 7 additions and 1 deletions

View File

@ -138,7 +138,12 @@ ACL.getMatchingScore = function getMatchingScore(rule, req) {
} }
} }
// Weigh agaist the principal type // Weigh against the principal type into 4 levels
// - user level (explicitly allow/deny a given user)
// - app level (explicitly allow/deny a given app)
// - role level (role based authorization)
// - other
// user > app > role > ...
score = score * 4; score = score * 4;
switch(rule.principalType) { switch(rule.principalType) {
case ACL.USER: case ACL.USER:
@ -155,6 +160,7 @@ ACL.getMatchingScore = function getMatchingScore(rule, req) {
} }
// Weigh against the roles // Weigh against the roles
// everyone < authenticated/unauthenticated < related < owner < ...
score = score * 8; score = score * 8;
if(rule.principalType === ACL.ROLE) { if(rule.principalType === ACL.ROLE) {
switch(rule.principalId) { switch(rule.principalId) {