Admin & Admin Group Permissions
The goal of this page is to explain how the `Admin` and `AdminGroup` permission features work.
Admins can be members of zero or many Admin Groups. You can change an Admin's group memberships via the `/api/admins/:id/permissions` endpoint.
The instance method `Admin#isMemberOf(groupId)` is available to you during request logic. You can use this to check if an Admin is a member of a group like so:

```javascript
// The authenticated Admin is hydrated onto the request credentials
const credentials = request.auth.credentials;

if (credentials.roles.admin.isMemberOf('root')) {
    // yes, is a member of the 'Root' group
}
```
Both the `Admin` and the `AdminGroup` schemas have a field called `permissions`. These fields are simple objects where each key is a permission slug and the value is `true` or `false`, representing whether that permission is granted.
The instance method `Admin#hasPermissionTo(something, callback)` is available to you during request logic. You can use this to check if a member is permitted to do something by permission name.

We first check if any of the Admin's group memberships permit this and then we check if that Admin has a specific rule set for the permission. This allows us to define granular permissions at the Admin level that override the group's permissions (either `true` or `false`).
```javascript
const credentials = request.auth.credentials;

credentials.roles.admin.hasPermissionTo('DELETE_NOTES', (err, allowed) => {
    if (err) {
        // hydrating the Admin's group memberships failed; treat as not allowed
    }

    if (allowed) {
        // yes, you may delete notes
    }
    else {
        // no, you may not delete notes
    }
});
```
Example: Let's say we have an Admin Group called `Support` and we let everyone in that group delete notes. If we have an Admin that we want to be in that group, but we don't want them to delete notes, all we need to do is define the `DELETE_NOTES` permission for them and set it to `false`. Or we can grant permission to specific Admins without needing to add them to an entire group.
You should also familiarize yourself with the concepts of Users, Roles & Groups.
We hope this was helpful. If you have questions or think this page should be expanded please contribute by opening an issue or updating this page.