Suggestion: multiple user role scopes

[hlozancic]

It would be great if one user could have multiple roles for each scope...

For example:

Let's imagine that we have a forum app which has multiple main topics like: IT, LIFESTYLE, WHATEVER...
Now, let's say that we want to give role of "Administrator" to user id 42, but ONLY for IT topic, while on, for example, LIFESTYLE topic he has "Moderator" role.

Currently this is possible by adding a lot of roles, like "IT_administrator", "IT_moderator", "LIFESTYLE_admin"... and so on.

My suggestion would be to add some kind of "scope" to user_role table. So we would have opportunity to add pivot value like:

Let's reuse upper example to demonstrate my suggestion and say that role_id of 1 = 'Administrator' and role_id of 2 is 'Moderator'. This is how the table would look like:

role_id	user_id	scope
1	42	IT
2	42	LIFESTYLE

So, now we are reusing existing roles and our user has different role depending of scope. He can now do everything in IT topic but not in LIFESTYLE topic.

Ofcourse... this would only work if is model method changes also....

It should need to do Acl.check only scoped roles, so maybe something like this:

    Model.prototype.is = async function (expression, scope) {
      const roles = await this.getRoles(scope) // this one should get's scope roles only, if scope is passed
      return Acl.check(expression, operand => _.includes(roles, operand))
    }

What do you think?

[atinux]

Actually I think it’s a good idea too, maybe adding a default scope by default. I let the author give his point of view.

Great lib BTW