CbSecurity has some fine mechanisms to work with user permissions (the CbAuth validator) or user roles (CFML Security validator). The cbauth validator is really flexible, but sometimes you still need more options. In one of our projects our users can have one or more fixed roles and we assigned several permissions to each role. Our rules looked like this:
```cfscript
{ secureList : "auth.Customers\.index", permissions : LIST_CUSTOMERS },
{ secureList : "auth.Customers\.show", permissions : SHOW_CUSTOMERS },
{ secureList : "auth.Customers\..*", permissions : MANAGE_CUSTOMERS },
// ......
// block all rule
{ secureList : ".*", permissions : "JUST_A_PLACEHOLDER", whitelist : whiteRules.toList() }
```
This is only a very small part of our rules. We had to keep track of all kinds of permission names (we put them in variables to prevent typos) and still had to assign these permissions to a fixed set of roles. Quite some administration. We decided we had more wishes, in our case:
- each individual endpoint should have its own permission for very fine-grained control.
- any number of roles which we can create in an API
- assignment of permission to these roles in the API
- assignment of roles to users in the API
- and since we are using a VueJS frontend, we wanted a list of ALL available endpoints (based on permissions) for a user
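To make the rule semantics above concrete, here is an added Python model of how a rule list like ours is evaluated and how the "all endpoints available to a user" wish can be derived from it. This is illustration code written for this post, not cbsecurity's own implementation: the rule set, the whitelist patterns (`auth.Login`, `auth.Logout`) and the sample events are constructed, and two behaviours are assumptions about cbsecurity rather than facts taken from it: that the first rule whose `secureList` matches decides the outcome, and that patterns are unanchored, case-insensitive regexes (so `auth.Customers\.index` also matches `auth.Customers.indexExport`).

```python
import re

# Constructed rule set in the shape used in the post: secureList/whitelist are
# comma lists of regexes matched against the event name, permissions is a
# comma list of permission names (any one of them is enough).
RULES = [
    {"secureList": r"auth.Customers\.index", "permissions": "LIST_CUSTOMERS"},
    {"secureList": r"auth.Customers\.show", "permissions": "SHOW_CUSTOMERS"},
    {"secureList": r"auth.Customers\..*", "permissions": "MANAGE_CUSTOMERS"},
    # block-all rule: every event not whitelisted needs a permission nobody has
    {"secureList": r".*", "permissions": "JUST_A_PLACEHOLDER",
     "whitelist": r"auth.Login\..*,auth.Logout\..*"},  # constructed whitelist
]

# Constructed list of every event the API exposes (what the frontend wants to filter).
ALL_ENDPOINTS = [
    "auth.Customers.index", "auth.Customers.show", "auth.Customers.delete",
    "auth.Orders.index", "auth.Login.index", "auth.Logout.index",
]


def matches(pattern_list, event):
    """Assumed cbsecurity-style match: each comma-separated item is an
    unanchored, case-insensitive regex; an empty list never matches."""
    patterns = [p.strip() for p in (pattern_list or "").split(",") if p.strip()]
    return any(re.search(p, event, re.IGNORECASE) for p in patterns)


def evaluate(event, user_permissions, rules=RULES):
    """Return ("allow" | "deny", index of the deciding rule or None).

    Assumption: rules are walked in order and the first rule whose secureList
    matches the event decides. A whitelist hit on that rule lets the event
    through; otherwise the user needs at least one of the rule's permissions.
    """
    perms = set(user_permissions)
    for i, rule in enumerate(rules):
        if not matches(rule["secureList"], event):
            continue
        if matches(rule.get("whitelist"), event):
            return "allow", i
        required = {p.strip() for p in rule["permissions"].split(",") if p.strip()}
        return ("allow" if perms & required else "deny"), i
    # No rule matched at all: nothing secures the event (assumption).
    return "allow", None


def allowed_endpoints(user_permissions, endpoints=ALL_ENDPOINTS, rules=RULES):
    """The 'list all endpoints for this user' wish: run every known event
    through the rules and keep the ones that come out as allowed."""
    return [e for e in endpoints if evaluate(e, user_permissions, rules)[0] == "allow"]


if __name__ == "__main__":
    for perms in (["LIST_CUSTOMERS", "SHOW_CUSTOMERS"], ["MANAGE_CUSTOMERS"], []):
        print(perms, "->", allowed_endpoints(perms))
```

Two things the model makes visible that are easy to miss when reading the rule list: because the first matching rule decides, a user holding only `MANAGE_CUSTOMERS` is denied `auth.Customers.index` (rule 0 wins and asks for `LIST_CUSTOMERS`), so "manage" does not imply "list" unless you add that permission to the earlier rules; and the block-all rule with a placeholder permission correctly denies any endpoint you forgot to write a rule for, which is the fail-closed property worth keeping when moving to per-endpoint permissions.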