J. ACL Groups
In this section, you will learn how to create and configure an OnixJS ACL Group.
An OnixJS ACL Group is an artifact that allows you to logically verify that a caller belongs to a specific group of permissions, e.g. admins, developers, etc.
import {Inject, IRequest, AccessType, IGroup} from '@onixjs/core';
import {MyModel} from './my.model';
export class AdminGroup implements IGroup {
// Any injectable can be injected within a group
@Inject.Model(MyModel) private model: MyModel;
// Verify access according your system design.
async access(request: IRequest, type: AccessType) {
// You might want to get the user by token or id.
const user = this.model.find({
id: request.metadata.caller,
token: request.metadata.token,
active: true,
group: 'admin'
});
// Validate access
return (user && type === AccessType.ALLOW);
}
}In real life, verifying access would be slightly more complex than doing only 1 db call, but for practical purposes, we decided to make it as the example above.
As stated before any injectable can be used within a system group.
Will be executed when a RPC or Stream method that implements an ACL Rule using this group is executed.
The request object uses the IRequest interface and provides the following json schema form:
{
metadata: {
caller: 'userid',
token: 'sometoken'
},
// The requester payload
payload: {}
}