I've been exploring CASL for managing persisted permissions. But I am stuck on assigning permissions to roles such as team managers and department heads, who are more mid-level employees. So far I have:
const roles = [
{
id: 1,
name: "admin", // Has access to everything
permissions: JSON.stringify([{ action: "manage", subject: "all" }]),
},
{
id: 2,
name: "manager", // Has access to people who they directly manage and anyone below them
permissions: JSON.stringify([
{
action: "manage", //direct employee under user
subject: "Order",
conditions: { "owner.managerId": "{{user._id}}" },
},
{
action: "manage", // his own orders
subject: "Order",
conditions: { "owner._id": "{{user._id}}" },
},
]),
},
];
I can give permissions to direct employees that work under a manager, but not indirect employees that work under employees he/she manages. Think tree-model
I can give permissions to direct employees that work under a manager, but not indirect employees that work under employees he/she manages. Think tree-model