by zackmorris 3382 days ago
After implementing an ACL system with permissions inheritance for child nodes, I'm of the opinion that it's not really something that can be written by humans efficiently. Not to say that the concept is bad, just that it touches on so many things that it should probably only be attempted by way of a framework (which largely doesn't exist, at least not universally, so kudos to ladon for trying).

For anyone struggling with permissions, it might be easier to think about them in terms of which actions are available to a user at each endpoint, something along the lines of this with HATEOAS and filtering links:

https://opencredo.com/designing-rest-api-fine-grained-resour...

A few things that ACLs can potentially break:

* PUT/PATCH requests: every relationship (and every attribute if using field-level security) of every resource needs permissions checks

* Database consistency: if logic is too complex to put in triggers, then permissions table can get out of sync with roles

* Russian doll caching (and caching in general): views now vary by user based on what subviews are visible

There are so many ramifications with permissions systems that it's worth implementing them early on in your project if you know you'll need them, or approaching them from a different angle like how Firebase rules are implemented declaratively and inherited per-resource.

1 comments

> think about them in terms of which actions are available to a user at each endpoint

It's called the Capability Model: https://en.wikipedia.org/wiki/Capability-based_security
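
An added example, not part of the thread or of any project mentioned in it: one policy table drives both the HATEOAS links shown to a user and the field-level check on PATCH bodies, so the advertised actions and the enforced ones cannot drift apart. The policy layout, role names and function names are all assumptions made for illustration.

```python
# Constructed policy: role -> resource type -> action -> writable fields.
# None means the action takes no field list. All names are hypothetical.
POLICY = {
    "editor": {"article": {"read": None, "update": {"title", "body"}}},
    "admin": {"article": {"read": None, "delete": None,
                          "update": {"title", "body", "author"}}},
}
METHODS = {"read": "GET", "update": "PATCH", "delete": "DELETE"}


def allowed_actions(roles, rtype):
    """Merge the actions granted by every role the user holds."""
    merged = {}
    for role in roles:
        for action, fields in POLICY.get(role, {}).get(rtype, {}).items():
            if fields is None:
                merged.setdefault(action, None)
            else:
                merged[action] = (merged.get(action) or set()) | fields
    return merged


def render(roles, rtype, resource):
    """Return the resource with only the links this user may follow."""
    actions = allowed_actions(roles, rtype)
    if "read" not in actions:
        raise PermissionError("read denied")
    href = f"/{rtype}s/{resource['id']}"
    links = {a: {"href": href, "method": METHODS[a]} for a in sorted(actions)}
    return {**resource, "_links": links}


def check_patch(roles, rtype, patch):
    """Server-side check: every attribute and relationship in the PATCH body
    must be writable. A hidden link is not enforcement on its own."""
    actions = allowed_actions(roles, rtype)
    if "update" not in actions:
        raise PermissionError("update denied")
    denied = sorted(set(patch) - (actions["update"] or set()))
    if denied:
        raise PermissionError(f"fields not writable: {denied}")
    return patch
```

Because the rendered response varies with the caller's roles, any cache in front of `render` has to key on the merged action set as well as the resource.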