Sails permissions by example

转自 http://threeninetyfive.net/blog/2015/07/14/sails-permissions-by-example/

The goal of this post is to provide a hands on example of the sails-permissions library. Note that this example is based on version 1.x.x of sails-permissions. You can start from scratch, or you can check out the project with some initial setup, or in its finished state. If you just want to check out the project in it's finished state:

git clone [email protected]:ryanwilliamquinn/sails-permissions-example.git
cd sails-permissions-example
git ch -f complete
npm install

Sails-permissions is all about managing which users can perform which actions on which models.

For our example application, we will create an API for a reviews site.

The permissions rules are as follows:

• Anyone can read an active review.
• To create a review, a user must be logged in.
• To edit or delete a review, a user must be logged in and must be the owner of the review.
• An admin user can create/read/update/delete any review, regardless of ownership.

To start off, you can either check out the code from github in its initial state, which has sails-permissions installed configured, and the models set up:

git clone [email protected]:ryanwilliamquinn/sails-permissions-example.git
cd sails-permissions-example
git ch -f step1
npm install

If you are using the cloned repository, skip ahead to creating permissions
Otherwise you can follow the manual installation instructions to learn how to set up sails permissions:
Step 1: create a new sails app

sails new reviews
cd reviews
npm install
npm install --save lodash

Step 2: install sails-permissions and sails-auth

npm install --save sails-permissions sails-auth

2a: Add the sails permission generator configuration to .sailsrc in the root of the sails app (make your .sailsrc file look like this):

{
"generators": {
"modules": {
"permissions-api": "sails-permissions/generator"
}
}
}

2b: Run the generator

sails generate permissions-api
should get some output like: info: Created a new permissions-api ("permissions-api")!

2c: Optionally set environment variables for the admin user. We will be using the defaults for this example, but in a production app you should definitely change them. The env vars are: ADMIN_USERNAME, ADMIN_EMAIL, and ADMIN_PASSWORD
2d: Update the policies configuration. Make your config/policies.js file look like this:

module.exports.policies = {
'**': [
'basicAuth',
'passport',
'sessionAuth',
'ModelPolicy',
'AuditPolicy',
'OwnerPolicy',
'PermissionPolicy',
'RolePolicy',
'CriteriaPolicy'
],
AuthController: {
'*': ['passport']
}
};

Step 3: create the 'review' model and controller

sails generate api review

3a: Add some fields to the 'review' model - add this block to the 'attributes' section of api/models/Review.js

title: 'string',
text: 'string',
category: 'string'

Step 4: Some configuration for the ORM - uncomment this line from config/models.js:

migrate: 'alter'

Step 5: Make sure it works:

sails lift
## this should start up the app
## you should be able to browse to http://localhost:1337 and see the sails splash page
## hit ctrl-c a couple times to stop the app once you have verified that it is working

Creating Permissions

There is a permissions admin UI in the works, but for now the easiest way to examine permissions is through the sails repl. Now that our project is configured, we can start it up via sails console
to bring up the repl.
Sails-permissions has a few default roles ('admin', 'registered', 'public'). We can see them by running this command in the repl: