Permissions

Boostack assigns permissions to users based on their role within an organization. it offers a simple, manageable approach to access management that is less prone to error than assigning permissions to users individually. You can then assign one or more permissions to each role.

The user-role and role-permissions relationships make it simple to perform user assignments since users no longer need to be managed individually, but instead have privileges that conform to the permissions assigned to their role(s).

Boostack has tree master files:

roles.js: is a really basic file that has all of the different permissions roles in our system (USER, ADMIN, OWNER)

permissions.js: where we define the logic permission for each action (read, update, delete, updateOwn, deleteOwn, ... )

grantAccess.js: includes functions controllers to grant access to users and it's completely separate from your middleware which is really important about this permission system to makes it so flexible and so useful in so many different scenarios.

The permission system that Boostack use is really easy to extend!