Access Control - andrewkyllo-401-advanced-javascript/seattle-javascript-401d34 GitHub Wiki

Access Controls

• The selective restriction of resources.
• It is important to limit access to clients based on credentials.

Application Flow and Access Control

Applications of all types have varying degrees of access based on user type of UI requirements

Back End (API Layer)

• Manage the login cycle with the front-end application
• Maintain the User's database
• Maintain roles for each user
• Authenticate users (basic and bearer)
• Create, manage, and apply Role Based Access Controls
• Maintain and reference their capabilities based on their role
• Restrict access to features (like routes) based on capabilities
  • Express Middleware could be used to restrict access to routes
  • Mongoose Middleware/Hooks could be used to restrict access to business logic

Front End (Client Layer)

• Initiate the login process
• Store login tokens as cookies
• Manage login state and capabilities
• Control physical & visual access (hide/show/alter) to components based on RBAC rules
• Alter behaviors based on RBAC rules