Loopback Component user dynamic role

This loopback component add a new dynamic user role which mapping the operators of model to the role.
The role name should be '[modelName]' + '.' + '[operator]'. The role should be mapped into the ACL too.
And the role can be nested like this:

``coffee Role1: User.add

Role2: Role1

Role3: Role2`

The Role3 should has the User.add role too.

The role could have multi containers of permission(aother role) or permissions.

The Permission is the model with operation. You can use the *to match the any model or any operation. eg,'.add', 'User.'.

Add the .owned dynamical roles to edit, view, find, and deleteroles as postfix. For only edit/delete/view/find owned items.

Note:

* The same role could be exists in multi-roles. * Disable batch update roles. * The nested max level of role to limit. see config:maxLevel

`$3`

1. Install in you loopback project:

npm install --save loopback-component-role-user

2. Create a component-config.json file in your server folder (if you don't already have one)

3. Configure options inside component-config.json:

`json { "loopback-component-role-user": { "enabled": true, "cached": 0, "role": "$user", "userModel": "User", "roleIdFieldName": "name", "rolesFieldName": "roles", "permsFieldName": "_perms", "roleRefsFieldName": "_roleRefs", "models": [], "operations":[] } }`-enabled[Boolean]: whether enable this component. defaults: true -cached: [Integer]: whether cache the perms. defaults: 1 *0'none': no cache. you can write the custom _getPerms class method on the Role model to your cache. *1'updated': the cached perms updated when the role updated(default) *2'manual': if the _perms is not empty use the cached _perms else calc perms and update the _perms. * NOTE: you should update the_permsfield by yourself. just empty it for updated. -deleteUsedRole[Boolean]: whether allow to cascade delete used roles. defaults: false * only for updatedcached: 1. -maxLevel[Integer]: the max nested role level to limit. defaults: 10 -role[String] : the role name. defaults: $user -roleModel[string]: The role model to inject. defaults: Role * TherolesFieldName and permsFieldNamefields will be added to the Model. * ThehasPermmethod will be added to the Model. * TheaddRoles and removeRoles methods will be added if the rolesFieldNameis 'roles'. * TheRole.addRoles and Role.removeRolespermissions are added too. -userModel[string]: The user model to inject. defaults: User * TherolesFieldName and permsFieldNamefields will be added to the User Model. * ThehasPermmethod will be added to the User Model. * TheaddRoles and removeRoles methods will be added if the rolesFieldNameis 'roles'. * TheUser.addRoles and User.removeRolespermissions are added too. -rolesFieldName[string]: The roles field to define. defaults: roles * The model(role) can have zero or more roles/permissions. -permsFieldName[string]: The cached perms of this role. defaults: _perms * Cache all the permissions to the roles(Readonly). -ownerFieldName[string]: The owner id field to define. defaults: creatorId -roleRefsFieldName[string]: The cached items which reference this role(Readonly). defaults: _roleRefs -models[Boolean|Array of string]. defaults: true * enable the user role to the models.truemeans all models in the app.models. -operations[Object]: the mapping operations of model to the role name. * thekey is the operation(method), the valueis the role name. * Note: the operations name is the role name if no mapping operations. defaults:*

`js { create: 'add', upsert: 'edit', updateAttributes: 'edit', exists: 'view', findById: 'view', find: 'find', findOne: 'find', count: 'find', destroyById: 'delete', deleteById: 'delete' }`

`$3`

Just enable it oncomponent-config.json.

set DEBUG=loopback:security:role:user env vaiable to show debug info.

Model::hasPerm(perm)

`History`

`$3`

+ add the cached to determine whether cache the perms.

`$3`

+ add the .owned dynamical roles to edit.owned, view.owned, find.owned, and delete.owned. Only edit/delete/view/find owned items.

`$3`

* remove the limits: The same permission CAN NOT be exists in multi-roles. * [bug] the hasPerm should use the match function instead minimatch * [bug] updatePermsByRefs can not work properly. * [bug] mongodb error: key can not contain "." for _perms is object * [bug] can not change itself to roleRefs after roles changed + add themaxLeveloption to limit the max nested role level to avoid recusive * avoid exception when component not enabled. + add thedeleteUsedRole option to allow or forbidden cascade delete

`$3`

- remove the deprecated adminRole option. you can define the admin Role with .principal. * rename the operators option to operations * Customize the Role and User Model. - removehasRoleMethod. + add theRolesmxin. * Define theroles and permsfields. * roles: the * Add thehasPerm, addRoles and removeRolesmethods. + add thehasPerm, addRoles and removeRolesmethods to Role and User Model. * Performance optimization. * cache permissions and references.

`$3`

+ add the Role::hasRole`

Loopback Component user dynamic role

``coffee Role1: User.add

Role2: Role1

Role3: Role2`

The Role3 should has the User.add role too.

The role could have multi containers of permission(aother role) or permissions.

The Permission is the model with operation. You can use the *to match the any model or any operation. eg,'.add', 'User.'.

Add the .owned dynamical roles to edit, view, find, and deleteroles as postfix. For only edit/delete/view/find owned items.

Note:

* The same role could be exists in multi-roles. * Disable batch update roles. * The nested max level of role to limit. see config:maxLevel

`$3`

1. Install in you loopback project:

npm install --save loopback-component-role-user

2. Create a component-config.json file in your server folder (if you don't already have one)

3. Configure options inside component-config.json:

`js { create: 'add', upsert: 'edit', updateAttributes: 'edit', exists: 'view', findById: 'view', find: 'find', findOne: 'find', count: 'find', destroyById: 'delete', deleteById: 'delete' }`

`$3`

Just enable it oncomponent-config.json.

set DEBUG=loopback:security:role:user env vaiable to show debug info.

Model::hasPerm(perm)

`History`

`$3`

+ add the cached to determine whether cache the perms.

`$3`

+ add the .owned dynamical roles to edit.owned, view.owned, find.owned, and delete.owned. Only edit/delete/view/find owned items.

`$3`

+ add the Role::hasRole`