rbac service

Provides JWT-based authentication capabilities. This service is provided via the tymly plugin and isn't offered by any of the other core plugins.

Boot config

  • This service doesn’t require any configuration to boot.

Service methods/properties

refreshIndex

Regenerates the internal RBAC index. Needs to be done to reflect any changes made to the underlying state-machines (e.g. fbot_permission_1_0, fbot_role_1_0 and fbot_membership_1_0)

Parameters

  • callback Function Called with a standard error

Examples

rbac.refreshIndex(
  function (err) {
    // Would expect err to be null
  }
)

Returns undefined

checkRoleAuthorization

Checks the supplied credentials against the internal RBAC index

Parameters

  • userId string A userId to check (used for dynamic checks such as ‘allow update as long as userId matches with the author of target document’)
  • ctx Object A Tymly context (optional)
  • roles Array<string> An array of roleIds
  • resourceType string The type of resource to authorize against (e.g. flow)
  • resourceName string The name of the resource that the credentials are being checked against (e.g. flow fbotTest_cat_1_0 startNewTymly)
  • action string And the name of action these credentials are wanting to perform (e.g. startNewTymly)

Examples

var allowed = rbac.getUserIdFromContext(
  'Dave', // userId
  null, // ctx
  ['fbotTest_fbotTestAdmin'], // roles
  'flow', // resourceType,
  'fbotTest_cat_1_0', // resourceName,
  'startNewTymly' // action
) // Returns true/false

Returns boolean Indicates if the provided credentials allow the specified action to be applied to the named resource (true) or not (false)


Boots after

statebox storage