Grottocenter's Rights Management

Clément Roig edited this page Feb 3, 2022 · 2 revisions

Database

The table t_right lists all the rights of Grottocenter, using the following pattern: Resource - action.

Some examples:

  • Entrance - edit any
  • Cave - create
  • Entrance - view complete

Then, the rights are linked to the user groups of Grottocenter, using the j_group_right table. A user (caver) can belong to any number of groups, including 0. Here is the list of the groups:

  1. Administrator
  2. Moderator
  3. User
  4. Visitor
  5. Leader

The first three are the main ones and the only ones in use for now.

Server-side

Every time the server needs to check whether an action can be executed by a user, it calls the RightService. Here is an example:

const hasRight = await sails.helpers.checkRight
  .with({
    groups: req.token.groups,
    rightEntity: RightService.RightEntities.CAVE, // <----- Resource / entity
    rightAction: RightService.RightActions.CREATE, // <----- Action
  })
  .intercept('rightNotFound', (err) => {
    // The right itself is missing from the database: a server-side configuration error,
    // not a permission decision, so it is reported as a server error.
    return res.serverError(
      'A server error occurred when checking your right to create a cave.',
    );
  });
if (!hasRight) {
  return res.forbidden('You are not authorized to create a cave.');
}
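To make the lookup behind that helper concrete, here is an added, self-contained illustration (not Grottocenter's own code) of what checkRight resolves against t_right and j_group_right. The rows are constructed for the example: group ids follow the list above, but which group holds which right is invented; `groups` is assumed to be an array of group ids, and a right absent from t_right raises the same `rightNotFound` exit the controller intercepts.

```javascript
// Constructed sample of t_right: each row is one "Resource - action" right.
const T_RIGHT = [
  { id: 1, entity: 'Cave', action: 'create' },
  { id: 2, entity: 'Entrance', action: 'edit any' },
  { id: 3, entity: 'Entrance', action: 'view complete' },
];

// Constructed sample of j_group_right (group id -> right id).
// Group ids as on the page: 1 Administrator, 2 Moderator, 3 User.
// The assignments themselves are invented for this example.
const J_GROUP_RIGHT = [
  { groupId: 1, rightId: 1 },
  { groupId: 1, rightId: 2 },
  { groupId: 1, rightId: 3 },
  { groupId: 2, rightId: 1 },
  { groupId: 2, rightId: 3 },
  { groupId: 3, rightId: 1 },
];

// Stand-ins for RightService.RightEntities / RightService.RightActions.
const RightEntities = { CAVE: 'Cave', ENTRANCE: 'Entrance' };
const RightActions = {
  CREATE: 'create',
  EDIT_ANY: 'edit any',
  VIEW_COMPLETE: 'view complete',
};

// Raised when the requested right does not exist in t_right at all.
// This is a deployment mistake (see "Wrapping up"), not a "forbidden" answer.
class RightNotFoundError extends Error {
  constructor(entity, action) {
    super(`rightNotFound: ${entity} - ${action}`);
    this.code = 'rightNotFound'; // same exit name the controller intercepts
  }
}

// True when at least one of the caller's groups is linked to the right.
// A caver in zero groups therefore never passes; an unknown right throws.
function checkRight({ groups, rightEntity, rightAction }) {
  const right = T_RIGHT.find(
    (r) => r.entity === rightEntity && r.action === rightAction,
  );
  if (!right) throw new RightNotFoundError(rightEntity, rightAction);
  const groupSet = new Set(groups);
  return J_GROUP_RIGHT.some(
    (link) => link.rightId === right.id && groupSet.has(link.groupId),
  );
}
```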

Wrapping up

Every time you want to add a feature to the server, be sure to:

  • Check if the right to perform it is present in your local database => if not, add it.
  • Check if the right to perform it is present in the production database => if not, add it.
  • Add the right to the sql/rights.sql file.
  • Add the link between right and groups in j_group_right (again: local database, production database and /sql/group_rights.sql file).
  • In your controller, call the CheckRightService at the beginning of your feature.