I have to build an authorization module that allows user to use some functionality. in Node I'm using express and mysql with sequelize as ORM. I don't have roles, but only users table and permissions table from mysql db:
Users example (in js version)
users = [
{ userid: "1",
username: "arthur",
password: "excalibur"
},
{ userid: "2",
username: "merlin",
password: "occhetipoccheti"
},
{ userid: "1",
username: "morgana",
password: "imnotevil"
}]
Permissions
permissions = [
{ permissionid: "1",
action: "create",
description: "create a file"
},
{ permissionid: "2",
action: "read",
description: "reada file"
},
{ permissionid: "3",
action: "delete",
description: "delete a file"
},
{ permissionid: "4",
action: "update",
description: "update a file"
}]
My purpose is to create a module, and using it as express middleware. I lack of design patterns for this job (i'm a front-end devguy), and I've tried a lot of npm package (accesscontrol, acl, connect-roles etc.), but now I want to create my own code, since I don't need role based authorisation, but instead a simple check through a third table that matches user and permission ids:
Users_Permissions
users_permissions = [
{ userid: "1",
permissionid: "3"
},
{ userid: "1",
permissionid: "2"
},
{ userid: "2",
permissionid: "1"
},
{ userid: "3",
permissionid: "1"
},
{ userid: "3",
permissionid: "3"
},]
I have read some topics like these: Node JS and Access Control, Users management in node js with express, mongodb as server database
but the many of these is focusing on roles and I do not need role... How can I do? Can Someone help me with a tutorial link maybe? I want to know the best way to design a module in node.
Basically the function I want to build is
example module.can
can(userId, permissionid) {
users_permissions.forEach(element => {
if (userId == element.userid) {
if (element.permissionid == permissionid) {
console.log('true');
}
}
});
}
Thx you Pasquale
