2

I’m building some app on Express.js and I came across an architectural problem with permissions.

Example resources: organisation, user, unit, resource

Each user can belong to multiple organisations, each organisation can have multiple units, and each unit can have multiple resources.

Assume that every user can add any number of units and resources. And here comes the problem, because the app must check if the resource being added is actually added to a unit which belongs to an organisation that has the user who executes this query…

The structure is exemplary; in the real application it will be much more complex, so an approach like "move up the ladder" can be insufficient.

Do any of you have an idea how to solve this problem in the most efficient way?

Talha Awan
Matt

1 Answer

0

These relations need to be built in a database; it sounds to me as if you need a relational database like MySQL here (an answer for Node.js and MySQL).

Here is example code creating a first table structure; you may have to decide whether you also need links between users and units or resources:

CREATE TABLE Users (
    userid SERIAL PRIMARY KEY, 
    username VARCHAR(100) UNIQUE KEY,
    email VARCHAR(256), 
    password VARCHAR(256),
    created_on TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_on TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
    );

CREATE TABLE Organisation (
    orgid SERIAL PRIMARY KEY,
    organisation VARCHAR(140) UNIQUE KEY
    );
CREATE TABLE User2Organisation (
    userid BIGINT UNSIGNED NOT NULL,
    orgid BIGINT UNSIGNED NOT NULL,
    FOREIGN KEY (userid) REFERENCES Users(userid),
    FOREIGN KEY (orgid) REFERENCES Organisation(orgid),
    PRIMARY KEY (userid,orgid)
    );
CREATE TABLE Units (
    unitid SERIAL PRIMARY KEY,
    unit VARCHAR(140) UNIQUE KEY,
    orgid BIGINT UNSIGNED NOT NULL,
    FOREIGN KEY (orgid) REFERENCES Organisation(orgid)
    );
CREATE TABLE Resources (
    resourceid SERIAL PRIMARY KEY,
    resource VARCHAR(140) UNIQUE KEY,
    unitid BIGINT UNSIGNED NOT NULL,
    FOREIGN KEY (unitid) REFERENCES Units(unitid)
    );

This is just a starting point for the database design. Views may also help to check whether the user has the right access rights for it.

Myonara
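An added example, not part of the original answer: one way to use a view over the tables above so that the ownership check and the insert happen in a single statement. It assumes the MySQL schema from the answer (with the `Resources` foreign key column spelled `unitid`); the view name `UserUnitAccess` is hypothetical, and the `?` markers are prepared-statement parameters bound by the Express handler.

```sql
-- Added example. UserUnitAccess is a hypothetical view name.
-- One row per (user, unit) pair the user may act on: the unit's
-- organisation must be one the user is a member of. The primary key on
-- User2Organisation (userid, orgid) guarantees at most one row per pair.
CREATE VIEW UserUnitAccess AS
SELECT uo.userid, un.unitid, un.orgid
FROM User2Organisation AS uo
JOIN Units AS un ON un.orgid = uo.orgid;

-- Guarded insert: the permission check and the write are one statement,
-- so there is no gap between "is this allowed?" and "insert".
-- Bind parameters, in order:
--   1. resource name from the request body
--   2. userid from the authenticated session, never from the request body
--   3. unitid from the request
INSERT INTO Resources (resource, unitid)
SELECT ?, a.unitid
FROM UserUnitAccess AS a
WHERE a.userid = ?
  AND a.unitid = ?;

-- Affected rows = 1: the resource was created.
-- Affected rows = 0: the unit does not exist, or the user has no
-- membership path to it; the API should refuse the request.

-- The same view scopes reads: list only resources the user can reach.
SELECT r.resourceid, r.resource, r.unitid
FROM Resources AS r
JOIN UserUnitAccess AS a ON a.unitid = r.unitid
WHERE a.userid = ?;
```

When the hierarchy gets deeper, only the view definition changes; the handlers keep filtering on `userid` from the session and checking the affected-row count.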