RBAC is like a user role system; WordPress and most CMSs have one, and dev.to has it too. But how do you design the database for it in MongoDB/NoSQL? Since both the good and the bad of NoSQL are its fluidity and the fact that it doesn't care much about database design (IMO), how would you build it on MongoDB/NoSQL? Would you use a collection as a pivot, the same as in an SQL database?
Here is the situation:
- A user has a role
- A user has a menu
- Some users can only see the menu, but can't edit/update it
- Some users get full access to the menu
EDIT:
Here is my schema approach so far:
menus.model.js
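/**
 * Registers the `menus` Mongoose model.
 *
 * Each menu carries a `menu_roles` array: one entry per role, holding the
 * create/read/update/delete flags that role has on this menu.
 *
 * @param {object} app - application object; `app.get('mongooseClient')` must
 *   return the Mongoose instance to register the model on.
 * @returns {object} the model returned by `mongooseClient.model('menus', ...)`.
 */
module.exports = function (app) {
  const mongooseClient = app.get('mongooseClient');
  const { Schema } = mongooseClient;

  // Per-role grant embedded in every menu document.
  const menuRoleGrant = {
    // The ref has to match the name the roles model is registered under
    // ('roles'). The original 'Roles' does not match that name, so populate()
    // would have no registered model to resolve it against.
    roles_id: { type: Schema.Types.ObjectId, ref: 'roles' },
    // NOTE(review): this is a copy of the role's name. It can drift if the
    // role is renamed, so permission checks should key on roles_id.
    roles_name: { type: String },
    // Flags default to false so an entry that omits one stores an explicit
    // deny rather than leaving the field undefined.
    create: { type: Boolean, default: false },
    delete: { type: Boolean, default: false },
    update: { type: Boolean, default: false },
    read: { type: Boolean, default: false },
  };

  const menus = new Schema({
    name: { type: String, required: true },
    slug: { type: String, required: true },
    menu_roles: [menuRoleGrant],
  }, {
    timestamps: true,
  });

  return mongooseClient.model('menus', menus);
};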
roles.models.js
/**
 * Registers the `roles` Mongoose model: a named role with a slug.
 *
 * @param {object} app - application object; `app.get('mongooseClient')` must
 *   return the Mongoose instance to register the model on.
 * @returns {object} the model returned by `mongooseClient.model('roles', ...)`.
 */
module.exports = function (app) {
  const client = app.get('mongooseClient');

  // NOTE(review): neither field is declared unique, so two roles may share a
  // slug. If authorization code ever looks roles up by slug, confirm that
  // duplicates cannot be created.
  const fields = {
    name: { type: String, required: true },
    slug: { type: String, required: true },
  };
  const options = { timestamps: true };

  const roleSchema = new client.Schema(fields, options);
  return client.model('roles', roleSchema);
};
users.models.js
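/**
 * Registers the `users` Mongoose model.
 *
 * @param {object} app - application object; `app.get('mongooseClient')` must
 *   return the Mongoose instance to register the model on.
 * @returns {object} the model returned by `mongooseClient.model('users', ...)`.
 */
module.exports = function (app) {
  const mongooseClient = app.get('mongooseClient');
  const { Schema } = mongooseClient;

  const users = new Schema({
    // `unique` asks for a unique index; it is not a validator, so duplicates
    // are only rejected once that index exists in the database.
    email: { type: String, unique: true, lowercase: true },
    // NOTE(review): nothing in this schema hashes the value. Confirm the write
    // path stores only a salted password hash (never plaintext) and that API
    // responses leave this field out.
    password: { type: String },
    first_name: { type: String },
    last_name: { type: String },
    // A single role reference. The ref has to match the name the roles model
    // is registered under ('roles'). The original 'Roles' does not match that
    // name, so populate() would have no registered model to resolve it against.
    roles: { type: Schema.Types.ObjectId, ref: 'roles' },
  }, {
    timestamps: true,
  });

  return mongooseClient.model('users', users);
};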
Still a work in progress; feedback is very welcome, thanks!
Top comments (2)
Use an npm access control module, which provides RBAC functions for Node.
Hi, what do you mean? I just wrote my own middleware that runs on every request and checks the user's permissions.