Sails permissions by example
转自 http://threeninetyfive.net/blog/2015/07/14/sails-permissions-by-example/
The goal of this post is to provide a hands on example of the sails-permissions library. Note that this example is based on version 1.x.x of sails-permissions. You can start from scratch, or you can check out the project with some initial setup, or in its finished state. If you just want to check out the project in it's finished state:
git clone git@github.com:ryanwilliamquinn/sails-permissions-example.git
cd sails-permissions-example
git ch -f complete
npm install
Sails-permissions is all about managing which users can perform which actions on which models.
For our example application, we will create an API for a reviews site.
The permissions rules are as follows:
- Anyone can read an active review.
- To create a review, a user must be logged in.
- To edit or delete a review, a user must be logged in and must be the owner of the review.
- An admin user can create/read/update/delete any review, regardless of ownership.
To start off, you can either check out the code from github in its initial state, which has sails-permissions installed configured, and the models set up:
git clone git@github.com:ryanwilliamquinn/sails-permissions-example.git
cd sails-permissions-example
git ch -f step1
npm install
If you are using the cloned repository, skip ahead to creating permissions
Otherwise you can follow the manual installation instructions to learn how to set up sails permissions:
Step 1: create a new sails app
sails new reviews
cd reviews
npm install
npm install --save lodash
Step 2: install sails-permissions and sails-auth
npm install --save sails-permissions sails-auth
2a: Add the sails permission generator configuration to .sailsrc in the root of the sails app (make your .sailsrc file look like this):
{
"generators": {
"modules": {
"permissions-api": "sails-permissions/generator"
}
}
}
2b: Run the generator
sails generate permissions-api
should get some output like: info: Created a new permissions-api ("permissions-api")!
2c: Optionally set environment variables for the admin user. We will be using the defaults for this example, but in a production app you should definitely change them. The env vars are: ADMIN_USERNAME, ADMIN_EMAIL, and ADMIN_PASSWORD
2d: Update the policies configuration. Make your config/policies.js file look like this:
module.exports.policies = {
'**': [
'basicAuth',
'passport',
'sessionAuth',
'ModelPolicy',
'AuditPolicy',
'OwnerPolicy',
'PermissionPolicy',
'RolePolicy',
'CriteriaPolicy'
],
AuthController: {
'*': ['passport']
}
};
Step 3: create the 'review' model and controller
sails generate api review
3a: Add some fields to the 'review' model - add this block to the 'attributes' section of api/models/Review.js
title: 'string',
text: 'string',
category: 'string'
Step 4: Some configuration for the ORM - uncomment this line from config/models.js:
migrate: 'alter'
Step 5: Make sure it works:
sails lift
## this should start up the app
## you should be able to browse to http://localhost:1337 and see the sails splash page
## hit ctrl-c a couple times to stop the app once you have verified that it is working
Creating Permissions
There is a permissions admin UI in the works, but for now the easiest way to examine permissions is through the sails repl. Now that our project is configured, we can start it up via sails console
to bring up the repl.
Sails-permissions has a few default roles ('admin', 'registered', 'public'). We can see them by running this command in the repl:
