Nestjs: Access control based on the organization of a user

Question

I am writing my first API with NestJS and I am looking for a smart way of managing access to resources. I have the following simplified structure:

organization:
- users
- products
users:
- email
- organization
products:
- organization
- more data

I use Passport JWT and Local strategies. But I want to make sure only users from inside the organization can update and create products for that organization.

I have looked at nest-access-control but can't figure out if it can be used for this.

have you find a solution? – fasenderos Mar 12 '21 at 14:16 — fasenderos, Mar 12 '21 at 14:16

score 0 · Answer 1 · answered Nov 23 '21 at 20:04

You can create a third table called 'memberOrganization', with the following columns:

membersOrganization
- idMembersOrganization
- idUser
- idOrganization
- idPermission

and a fourth table:

permissions
- idPermission
- permission

That way you could check if that user is a member of that organization and what permissions they have (using leftJoins). Depending on permission, you allow the creation of such products.

Holpe this helps.

Nestjs: Access control based on the organization of a user

1 Answers1