Roles
API access setup
We have already completed the setup and configuration steps. We now want to understand user roles and permissions.
intro
Vastly sets permissions using REST methods on the available routes. By default, Vastly has two users:
1. admin
2. user
These roles are initialized during Vastly setup and are automatically seeded into the database. This is handled by the role controller located at utils/app/seedRoles.js from the root directory.
Roles can only be initialized once. To reinitialize them, the role model must first be deleted from the database.
Role structure
Below is a role structure for a role with an ADMIN key:
{
name: "ADMIN",
permissions: [
{
path: "/roles",
model: "roles",
access: ["POST", "GET", "PATCH", "DELETE"],
},
{
path: "/auths",
model: "auths",
access: ["GET"],
},
],
}
Structure validation
The field name acts as the role key and is used to query for a role in the controllers.
name: "ADMIN",
The permissions array holds all route configurations and access methods that a role has.
permissions: [
{
path: "/roles",
model: "roles",
access: ["POST", "GET", "PATCH", "DELETE"],
},
{
path: "/auths",
model: "auths",
access: ["GET"],
},
],
Each permissions object defines an API route and the REST methods the role is allowed to use on it.
{
path: "/roles",
model: "roles",
access: ["POST", "GET", "PATCH", "DELETE"],
},
In the above case the ADMIN role can send "POST", "GET", "PATCH", "DELETE" requests on the /roles API route.
{
path: "/auths",
model: "auths",
access: ["GET"],
}
In the above case the ADMIN role can only perform a "GET" request on the /auths route, meaning it can't delete, update or create any resource at that endpoint.
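The sketch below is an added example, not Vastly's own code: it validates a role object of the shape shown above and then makes a default-deny access decision from it. The names ALLOWED_METHODS, validateRole and isAllowed are hypothetical, and the method whitelist and the sub-path matching rule are assumptions, since this page does not say how Vastly matches paths.

```javascript
// Added example: default-deny check against the role structure shown above.
// ALLOWED_METHODS, validateRole and isAllowed are hypothetical names, not Vastly's API.
// Assumption: only the four methods that appear on this page are valid in "access".
const ALLOWED_METHODS = new Set(["GET", "POST", "PATCH", "DELETE"]);

// Constructed sample role, copied from the ADMIN structure on this page.
const ADMIN = {
  name: "ADMIN",
  permissions: [
    { path: "/roles", model: "roles", access: ["POST", "GET", "PATCH", "DELETE"] },
    { path: "/auths", model: "auths", access: ["GET"] },
  ],
};

// Returns a list of problems; an empty list means the role is well-formed.
function validateRole(role) {
  const errors = [];
  if (!role || typeof role.name !== "string" || role.name.length === 0) {
    errors.push("name must be a non-empty string");
  }
  if (!role || !Array.isArray(role.permissions)) {
    errors.push("permissions must be an array");
    return errors;
  }
  role.permissions.forEach((p, i) => {
    if (!p || typeof p.path !== "string" || !p.path.startsWith("/")) {
      errors.push(`permissions[${i}].path must start with "/"`);
    }
    if (!p || !Array.isArray(p.access)) {
      errors.push(`permissions[${i}].access must be an array`);
    } else {
      for (const m of p.access) {
        if (!ALLOWED_METHODS.has(m)) errors.push(`permissions[${i}].access has unknown method ${String(m)}`);
      }
    }
  });
  return errors;
}

// Assumption: a permission covers its path and sub-paths ("/roles", "/roles/42"),
// but not look-alike prefixes such as "/roles-export".
function isAllowed(role, method, requestPath) {
  if (validateRole(role).length > 0) return false; // malformed role: deny
  const verb = String(method).toUpperCase();
  const path = String(requestPath).split("?")[0];
  return role.permissions.some(
    (p) => (path === p.path || path.startsWith(p.path + "/")) && p.access.includes(verb)
  );
}
```

A role containing an unrecognised method such as "*" fails validation and is denied everywhere, so a typo in a permissions entry cannot silently widen access.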
Updating roles
controller
To easily update permissions on API routes we recommend using the API controller. It visualizes the available routes and their REST permissions, and saves automatically on update.
postman
Roles can be updated using the roles REST API routes, view routes here