1

I've been following the examples in the book "MEAN Machine", and I've implemented a simple token-based authentication system that makes the contents of a certain model only available to authenticated users.

I'd like to take this to a more complex level: I need three different user types.

I am building an app where some users (let's say, vendors) can upload certain data that could only be accessible to certain authenticated users (let's say, consumers), but vendors also need to be able to see, but not edit data uploaded by other vendors. Then, there would be a third type of user, the admin, who would be able to edit and see everything, including the details of other, lower level users.

How should I proceed in constructing this?

Thanks in advance for your help.

zcserei
  • 577
  • 7
  • 30

1 Answers1

1

As you mentioned that the authentication system is already working and now you need to implement Access List Control. The ACL end implementation depends a lot on your database model and requirements. There are also Node modules which have the support for more advanced models like this acl module https://www.npmjs.com/package/acl, supports also MongoDB.

Risto Novik
  • 8,199
  • 9
  • 50
  • 66
  • Thank you, I will look up ACL more in detail, I'd like to do this myself to better understand how it works, however, I might just default to using the module you referenced. – zcserei Jun 21 '15 at 18:48