Subscribe to our list to receive the latest updates on Node on Fire

Class: AccessControl

AccessControl

new AccessControl()

AccessControl manages the permissions of create, read, update and delete actions on models. Only actions through the models API go through the access control. This effectively manages the permissions of the actions happening in the front-end, but leaves everything happening in the back-end untouched. Please remember this.

The below example creates a simple Book model which only signed-in admin users are allowed to create.

function Book() {
    this.name = [this.String, this.Required];
}
app.model(Book);

Book.prototype.accessControl = function() {
    return {
        canCreate: function(authenticator) {
            return (authenticator && authenticator.isAdmin);
        }
    };
};

Please note the access control is only applied to the model controllers generated by the API. When calling any of the model methods directly no access control is applied.

Do you have any questions or comments on this page? Start a discussion below.

comments powered by Disqus
Subscribe to our list to receive the latest updates on Node on Fire