Hello, here is what I already have: github.com/patbi/seedocauth
But I would also like: 1. to redirect each type of user to their own page; 2. to restrict access to the cat view for patients and visitors, so that it is only accessible to doctors.
My JSON:
{
  "patients": {
    "fname": "patrick",
    "lname": "isaac",
    "username": "patient1",
    "password": "hello",
    "year_of_birth": 1990,
    "email": "biyagapatrick@provider.com",
    "civility": [ "single", "married", "other" ],
    "phone_number": 698780156,
    "sex": [ "M", "F" ],
    "srcImg": "img/pat.jpg",
    "electronic_notebook": {
      "name": "notebook1",
      "description": "description1",
      "content": "content1",
      "datecreation": "23-11-2018",
      "consultationdate": "23-11-2018"
    },
    "userRole": {
      "bitMask": 2,
      "title": "patients"
    },
    "tokens": []
  },
  "doctors": {
    "fname": "doctor1",
    "lname": "doctor1",
    "username": "doctor1",
    "password": "world",
    "year_of_birth": 1990,
    "age": 28,
    "email": "doctor1@provider.com",
    "phone_number": 698780156,
    "srcImg": "img/pat.jpg",
    "specialty": "surgeon-dentist",
    "hospital": {
      "name": "seedoc",
      "country": {
        "name": "cameroon",
        "region": {
          "name": "center",
          "city": {
            "name": "yaoundé",
            "street": {
              "name": "deido"
            }
          }
        }
      }
    },
    "userRole": {
      "bitMask": 4,
      "title": "doctors"
    },
    "tokens": []
  },
  "admin": {
    "username": "admin",
    "name": "admin",
    "password": "admin",
    "email": "admin@admin.admin",
    "userRole": {
      "bitMask": 5,
      "title": "admin"
    },
    "tokens": []
  }
}
Hey!
Your best bet is to use a paradigm of authorization called "named scopes." I am guessing you are using a modified subset of NoSQL, so it shouldn't be that hard to implement.
The first thing I'd like to start with is destructuring and decoupling your data sets (tables, in their most rudimentary form).
1. Create a users schema which contains the meta fields only for what is specific to every user. The reason I emphasized "every" is because there are some parameters which are common across every "user" entity you'll create throughout the lifecycle of the application's state. Fields like first_name, last_name, etc.
2. Define a role field in that very schema to assign a role to every user. You can set this to a default value of your lowest access level which can be amended as and when needed. Using a simple 0 for administrator, 1 for super-user, and so on and so forth should be enough for most use cases. You can, if the backend permits, get a little fancy and assign roles based on namespaces (like the ones used by AWS' IAM); something like administrator__crud--user, which would mean the current user has administrative rights over the resource user.
3. Ask the backend to give you a JWT (the exact logic for this is up to you) and decode it. Based on the role, you can redirect the user wherever you want to (solving problem 1), show selective navigation fields (solving problem 2), and in the event of a user violating the ToS, you can log the Zero-Knowledge state identification resources to your log in the backend.
rolefield in that very schema to assign a role to every user. You can set this to a default value of your lowest access level which can be amended as and when needed. Using a simple0for administrator,1for super-user, so on and so forth should be enough for most use cases. You can, if the backend permits, get a little fancy and assign roles based on namespaces (like the ones used by AWS' IAM); something likeadministrator__crud--userwhich would mean the current user has administrative rights over the resourceuser.Ask the backend to give you a JWT (the exact logic for this is up to you) and decode it. Based on the role, you can redirect the user wherever you want to (solving problem 1), show selective navigation fields (solving problem 2) and in the event of a user violating the ToS, you can log the Zero-Knowledge state identification resources to your log in the backend.