ACL on object field level #4344
Comments
Is it crazy if I create a role for each field, and create a high-level role that is a set of child roles?
I'll a list of roles:
Example I have 2 groups:
Yes, pretty crazy indeed

The easiest way to realize it would be to code a proof of concept yourself :)

Write the field-level permission check module and put it in
I implement this in a similar way to @trylovetom, within before* triggers. Example function for checking if a user has a role:

```js
// Resolve the names of all roles that list `user` in their `users` relation.
export const getUserRoles = (user, options) => {
  // eslint-disable-next-line
  return new Parse.Query('_Role').equalTo('users', user).find(options)
    .then((roles) => {
      return Promise.resolve(roles.map((r) => r.get('name')))
    })
}

// Resolve to true if `user` belongs to the role called `roleName`.
export const userHasRole = (user, roleName, options) => {
  if (!user) {
    // Only logs a warning; the role query below still runs.
    console.warn('Warning: no user, assume master key and say user has role')
  }
  return getUserRoles(user, options)
    .then((roles) => {
      return Promise.resolve(roles.includes(roleName))
    })
}

// Request-level check: the master key passes, otherwise look up req.user's roles.
export const reqHasRole = (req, roleName, options) => {
  if (req.master) {
    console.warn('Master key has role', roleName)
    return Promise.resolve(true);
  } else {
    return userHasRole(req.user, roleName, options)
  }
}
```

In trigger (or any cloud code function with a

```js
// Reject the operation unless the caller holds the admin role.
return auth.reqHasRole(req, parentOrgAdminRoleName)
  .then((userHasAdminRole) => {
    if (!userHasAdminRole) {
      return Promise.reject('Only admins of parentOrganization can create subOrgs')
    } else {
      return Promise.resolve()
    }
  })
```
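A role lookup like the one above can feed a per-field check inside a before* trigger, which is what the issue title asks about. The following is an added example, not code from this thread or from Parse Server: `FIELD_POLICY`, the role names and the field names are constructed, and the inputs stand in for the role names from `getUserRoles()`, `request.object.dirtyKeys()` and `request.master`.

```javascript
// Added example: field-level write/read checks driven by role names.
// FIELD_POLICY and every role/field name here are constructed for illustration.
const FIELD_POLICY = {
  name:   { read: ['member', 'hr', 'admin'], write: ['hr', 'admin'] },
  salary: { read: ['hr', 'admin'],           write: ['admin'] },
};

// Look up a rule by own property only, so field names such as
// "constructor" or "__proto__" never resolve to inherited values.
function ruleFor(policy, field) {
  return Object.prototype.hasOwnProperty.call(policy, field) ? policy[field] : undefined;
}

// Returns the changed fields the caller may NOT write. Fields missing from
// the policy are denied (fail closed); the master key bypasses the check.
function deniedWrites(policy, roleNames, dirtyKeys, isMaster = false) {
  if (isMaster) return [];
  const roles = new Set(roleNames || []);   // no user => no roles => all denied
  return dirtyKeys.filter((field) => {
    const rule = ruleFor(policy, field);
    return !rule || !rule.write.some((r) => roles.has(r));
  });
}

// Returns a copy of `attrs` holding only the fields the caller may read.
function readableView(policy, roleNames, attrs, isMaster = false) {
  if (isMaster) return { ...attrs };
  const roles = new Set(roleNames || []);
  const out = {};
  for (const [field, value] of Object.entries(attrs)) {
    const rule = ruleFor(policy, field);
    if (rule && rule.read.some((r) => roles.has(r))) out[field] = value;
  }
  return out;
}

// Constructed sample object; `notes` is deliberately absent from the policy.
const sample = { name: 'Ann', salary: 5000, notes: 'unlisted field' };
console.log(deniedWrites(FIELD_POLICY, ['hr'], ['name', 'salary']));
console.log(deniedWrites(FIELD_POLICY, [], ['name']));
console.log(readableView(FIELD_POLICY, ['member'], sample));
```

In a beforeSave trigger, a non-empty result from `deniedWrites` is the condition for rejecting the save; `readableView` would be applied to the attributes before they are returned to the client.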
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
If I don't want to use the Parse Cloud Code solution, how can I implement ACL at the field level?
I want to grant permissions on some fields so that some people can update them, some people can only view them, and some people won't see some fields.
Can I do it with a best-practice solution?
Thanks a lot!