
Conceptual Overview

Ryan Quinn edited this page Jul 7, 2015 · 4 revisions


Overview

A User is allowed to perform an action on an object if they have a Role which has the requested Permission.

Permission

A Permission grants a Role the ability to perform a particular action on a Model. A Permission can optionally have Criteria.

Criteria

A Criteria is an optional extension of a Permission. It can have either a blacklist, a 'where' clause, or both. A 'where' clause limits the scope of the Permission, and a blacklist disallows action on the specified model attributes. There is a one-to-many relationship between Permission and Criteria.

Action

An action can be one of:

  • create
  • read
  • update
  • delete

Model

A Model is one of your defined Waterline collections; in sails.js, these are the modules inside api/models.

Role

A Role links a User to a group of Permissions. Many Users can share the same Role.

A Permission can only be granted to a single Role (Permission->Role is many->one). For example, if two Roles want to permit the same action, two Permission objects must be created.
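The check described in the Overview, written out as an added example (this is not sails-permissions source code). The function names, the data shapes and the sample records are hypothetical. It assumes a 'where' clause is matched by plain field equality and that a Permission with several Criteria is satisfied when any one of them passes.

```javascript
// Added illustration of the model above; not sails-permissions source code.
// Assumptions: 'where' is matched by plain field equality, and a Permission
// with several Criteria is satisfied when any one of them passes.
const ACTIONS = ['create', 'read', 'update', 'delete'];

// A Criteria passes when the object is inside the 'where' scope and the
// request touches none of the blacklisted attributes.
function criteriaPasses(criteria, object, attributes) {
  const where = criteria.where || {};
  const blacklist = criteria.blacklist || [];
  const inScope = Object.keys(where).every((k) => object[k] === where[k]);
  const touchesBlacklisted = attributes.some((a) => blacklist.includes(a));
  return inScope && !touchesBlacklisted;
}

// Deny by default: allow only if a Role held by the user owns a matching Permission.
function isAllowed(user, roles, permissions, request) {
  const { action, model, object = {}, attributes = [] } = request;
  if (!ACTIONS.includes(action)) return false; // unknown action: deny
  const held = roles.filter((r) => r.users.includes(user)).map((r) => r.name);
  return permissions.some((p) => {
    // Each Permission belongs to exactly one Role (many->one).
    if (!held.includes(p.role) || p.action !== action || p.model !== model) return false;
    const criteria = p.criteria || [];
    return criteria.length === 0 || criteria.some((c) => criteriaPasses(c, object, attributes));
  });
}

// Constructed sample data.
const roles = [
  { name: 'editor', users: ['alice', 'bob'] }, // many Users share one Role
  { name: 'admin', users: ['carol'] },
];
const permissions = [
  { role: 'editor', model: 'Article', action: 'read' },
  // Editors may update drafts only, and may never change the 'owner' attribute.
  { role: 'editor', model: 'Article', action: 'update',
    criteria: [{ where: { status: 'draft' }, blacklist: ['owner'] }] },
  // Two Roles permitting the same action need two Permission objects.
  { role: 'admin', model: 'Article', action: 'update' },
];
```
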
