Roles are a very useful aspect to an abstract system, especially for systems that have more than one function or application. These roles are assigned to accounts and in turn these accounts can access said roles.
For my implementation using mongodb, I will follow the same methodology I've used in the past: role definitions and role permissions.
Mongoose schema definitions:
So, very simply, a role has a description, and its _id is stored in the permission collection for the specific account_id. A user's account_id is stored in a session server side. Then, whenever a user requests client javascript or GET/POST data for a specific role, a check to p_roles will be made.
No comments:
Post a Comment