cube.js 基於queryRewrite 進行安全控制
阿新 • • 發佈:2021-08-24
基於queryRewrite 我們可以做強大的安全控制,比如基於角色的訪問控制以及基於列的訪問控制
基於角色的訪問控制
module.exports = {
queryRewrite: (query, { securityContext }) => {
if (!securityContext.role) {
throw new Error('No role found in Security Context!');
}
if (securityContext.role == 'manager') {
query.filters.push({
member: 'Orders.status',
operator: 'equals',
values: ['shipped', 'completed'],
});
}
if (securityContext.role == 'operator') {
query.filters.push({
member: 'Orders.status',
operator: 'equals',
values: ['processing'],
});
}
return query;
},
};
基於列的訪問控制
module.exports = {
queryRewrite: (query, { securityContext }) => {
const cubeNames = [
];
if (cubeNames.includes('Products')) {
if (!securityContext.email) {
throw new Error('No email found in Security Context!');
}
query.filters.push({
member: `Suppliers.email`,
operator: 'equals',
values: [securityContext.email],
});
}
return query;
},
};
說明
以上內容是基於官方文件的,是一個不錯的資料
參考資料
https://cube.dev/docs/recipes/column-based-access
https://cube.dev/docs/recipes/role-based-access