rbac service

Provides JWT-based authentication capabilities. This service is provided via the flobot plugin and isn't offered by any of the other core plugins.

Boot config

This service doesn’t require any configuration to boot.

Service methods/properties

refreshIndex

Regenerates the internal RBAC index. Needs to be done to reflect any changes made to the underlying state-machines (e.g. fbot_permission_1_0, fbot_role_1_0 and fbot_membership_1_0)

Parameters

callback Function Called with a standard error

Examples

rbac.refreshIndex(
  function (err) {
    // Would expect err to be null
  }
)

Returns undefined

checkRoleAuthorization

Checks the supplied credentials against the internal RBAC index

Parameters

userId string A userId to check (used for dynamic checks such as ‘allow update as long as userId matches with the author of target document’)
ctx Object A Flobot context (optional)
roles Array<string> An array of roleIds
resourceType string The type of resource to authorize against (e.g. flow)
resourceName string The name of the resource that the credentials are being checked against (e.g. flow fbotTest_cat_1_0 startNewFlobot)
action string And the name of action these credentials are wanting to perform (e.g. startNewFlobot)

Examples

var allowed = rbac.getUserIdFromContext(
  'Dave', // userId
  null, // ctx
  ['fbotTest_fbotTestAdmin'], // roles
  'flow', // resourceType,
  'fbotTest_cat_1_0', // resourceName,
  'startNewFlobot' // action
) // Returns true/false

Returns boolean Indicates if the provided credentials allow the specified action to be applied to the named resource (true) or not (false)

Boots after

statebox storage