Security
To understand ScaffoldHub security, you must understand the concepts:
Permission
Permission is a particular action a user can perform. Examples are customer create, audit log read, or user delete.
Role
A role is a group of permissions. For example, an admin (role) can create users (permission), view audit logs (permission), etc.
Out-of-the-box ScaffoldHub has two roles: Admin and Custom. The idea is that you manually create more roles based on your business context.
Users, Workspaces (Tenants), and Roles
Users can have multiple roles in multiple tenants. For example, a user can be a viewer (role) and an entity editor (role) on Workspace A (workspace), and an admin (role) on Workspace B (workspace).
Demonstration
For this demonstration, we will have the following setup:
admin@scaffoldhub.io with the admin role.
readonly@scaffoldhub.io with the custom role.
The admin role has all the permissions.
The custom role has permission to read customers, products, and orders.
Code
Permissions
Each feature has its own permissions file that describes the features and roles that can access each resource.
Each permission has the following properties:
id
- Describes a unique ID of the permission.
allowedRoles
- The roles that are allowed for this permission.
allowedStorage
- The file storage configuration that is included in this permission.
Roles
Storage (Files)
Each feature has its storage file that describes how files are stored.
More details in Features > File Storage.
Securing Controllers
Controllers start by calling the validateHasPermission
function that validates if the current user can access that permission.
Securing Pages
Pages call the hasPermission
method to check if the current user has that permission. The app then redirects the user or hides a navigation button if the user hasn't.
Last updated