Skip to content

[RFC] Pass in permissions & authLevel as extensions options #24

Description

@makinde

Right now we pass in the permissions object and getAuthLevel methods by assigning them directly into the schema object. If we add more options in the future, we'd probably add them in the same way. This means we're polluting that shared space with object keys, and these may potentially collide with other extensions/mongoose properties down the road.

mySchema.permissions = {...}
mySechma.getAuthLevel = functiion () {...}

A safer approach would be to have these options passed into the plugin installation:

mySchema.plugin(authz, {
  permissions: {...},
  getAuthLevel: function () {...},
});

This has a few advantages:

  1. All the configuration information for authorization is in one place, easy to see.
  2. It doesn't pollute a shared space, so we don't have to worry about conflicts of getting our information overwritten.

The challenge it presents are:

  1. We have to do a little more work to pass around this options object internally in the library. We could stick it in mySchema.authorizationOptions to have a sort of middle ground. And that key could be changed int he future since it's an internal implementation detail.
  2. The configuration object may look quite gnarly and seem harder to use.

Thoughts?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions