How To Manage User Roles In Node.js
Vložit
- čas přidán 28. 07. 2024
- 🚨 IMPORTANT:
1 Year Free Hosting: www.atlantic.net/webdevsimpli...
Use code KYLE for an additional $50
User permission systems are the core of nearly every application. From Reddit to accounting every site needs to manage user permissions, but that is much easier said than done. In this video I will be showing you exactly how to set up a flexible and robust user permission system which you can use in any Node.js application.
📚 Materials/References:
Starting GitHub Code: github.com/WebDevSimplified/n...
Ending GitHub Code: github.com/WebDevSimplified/n...
HTTP Status Codes Tutorial: • Learn HTTP Status Code...
🧠 Concepts Covered:
- How to handle user auth in Node.js
- How to create flexible user permissions in Node.js
- How to manage scoped routes in Node.js
🌎 Find Me Here:
My Blog: blog.webdevsimplified.com
My Courses: courses.webdevsimplified.com
Patreon: / webdevsimplified
Twitter: / devsimplified
Discord: / discord
GitHub: github.com/WebDevSimplified
CodePen: codepen.io/WebDevSimplified
#Node.js #WDS #UserPermissions
Legend! Love the way you clearly explain these concepts in a simple way. Cheers bro. You are on my recommended channel list on my YT
i recommend you both on mine
Legend praising another legend
This comment section is pretty legendary
Ok
Man I wonder if Kyle actually realises how much he helps us out with his vids man
Respect man
React kids won't understand u...
@@MrEnsiferum77 реакт тут причем?
This video is so motivating since I was taking a break from programming bc of authentication and authorization. Thank you so much!
You're simply the best out there because you explain your content very well and you go straight to the point, respect man you're a legend !
such a clear explanation, thank you!
pretty much exactly the video I needed for a project. My man web dev simplified is a legend.
You get it m8
@@cdporgrammer7168 dear how it connect with mongodb?
Very true.
He is one of the few "bigger" code CZcamsrs that has beneficial stuff I've used in real projects
@@sohailkashif6992 a common cope I would get hit with in boot camp was,
"Depends on your use case"
Which it actually does.
Having a hard time understanding the relationship between a user of the database
And
A user that is using the site.
this dude is literally a mentor
Love the progression in this video. Super clear
Thanks so much for this. One of the better Node tutorials I've seen.
Awesome video. Concept of modularity with pure functions make this truly scalable.
I always keep telling everyone to subscribe to your channel. you're really great really hoping people would recognize you more often.
Yay!!!!!!!!!!!!!!!!!!! So awesome!!! Thank you !!!! I was just thinking about this because I been following your other tutorials and I love them. I am excited to watch this video.
Awesome, helped me with some of my lingering middleware integration ignorance. Well explained!
Currently I'm learning MEAN and this is exactly what I need for my pet project. Thank you so much for what you're doing!
Kyle ... great tutorial ... very glad I found your channel! Thank you.
This video came in the perfect time. Thank you!
Never happier when any youtuber uploads
Just found your channel, loving it so far.
As usual, great video - clear, concise and immediately usable. Thanks!
Thank you very much! This is exactly what I needed for my project!
Your tutorials are top notch Kyle!
YOU ARE AWESOME thankyou for putting great content, with fast but effective and SIMPLE :)
Kayel your videos are greate for intermediat developers. Clear and simple explanations. Have been following you. You are recommended.
*Kyle
*great
*intermediate
Your video helps me a lot. I really appreciate your effort.
Thank you so much!
very clear, it’s helpful in my project. Thanks a lot
Thanks for sharing, it is nice and easy to follow which is a massive help.
Thank you so much Kyle. I found this very helpful.
Exactly the video I needed. Thanks man.
Thank you so much for the tutorial video it's quite informative and professional
Before watching this video, I was creating separate documents for admin and user. Thank you for such a clear explanation tutorial.
I did that and submited lol. Had to pay for that in viva.
Nice. Introductory tutorial on how to manage user roles.
you explain things so simply....easy to follow.....
You've Successfully Simplified Web For Us. Mission Accomplished 😎
Awesome. You are the best. I wonder who could be so unfair to dislike it?
wow! such a great tutorial. thanks for the guide!
Thank you. This was a great learing experience.
Great content. Gives motivation to keep our channel going.
Thank you for such an amazing tutorial!
This is the best video about role based authentication...Thanks
It would be awesome if you could create like a mini blog[or anything] with react & express that uses user-based roles. I'm trying to add user based rules to my react app :p
My name is Kyle and my job is to simplify the web for you!
Your tutorials are always gre8!
Thank you very much. This video... no, all your videos I watched are amazing and helpfull!
Just want to say thankyou man. Words are short here.
Great content, very helpful, thanks lots
Thank you very much , as always easy explanations.
Please add how to protect the server from attacks like ddos and brute force attack.
Your video help me too much thanks 🙏
Enjoyed the turotial throughly!
that was a great video thankyou so much!
too good. I did a version in typescript but followed your flows. Thanks
I believe you mixed up the status codes a bit.
401 Unauthorized - send this code when the user is not authorized to view the content (as in the user didn't login)
403 Forbidden - send this code when the user is logged in, but is not allowed to view specific content
The difference between these status codes is that 401 should be sent if authorization fails, but proper authorization is possible while 403 is sent when the user is authorized, but doesn't have the required permissions.
are you sure?
authentication means verifying identity. It gets confusing because the header used to authenticate is called 'authorization' but it is still authentication and 401.
authorization means verifying permissions which is 403
I agree... 401 is for unauthorized (not logged in) and 403 is forbidden (resource authorization)
@@ArthurCowdery Yes, he's correct. The title of the status code is a bit messed up, should probably have been "Unauthenticated" instead, it generates a lot of confusion.
@Jovan Jevtic jovaneeeee
Really amazing explanation!
exactly what i was looking for
YOu are amazing... Really simplified complex things
Thank you for this video!
Perfect. Very nicely done
You're my boss ❤
You have helped me alot In React js
Very good explained , Love from India.
Great video. I just think one small refactor is to use the canViewProject function inside your filter for scopedProjects
Kyle ... One Word: Genius
OMG! thank you. I believe in Web Dev Simplified supremacy!!!!!
THANK YOUUUUUUUUUUU!!!!!! I finally understand this.
I was just about to look for this information
This is what i want , u are awesome sir 🤘🤘🤘
Hey Kayle please do video on Gulp, Grunt, webpack and parcel & when to choose which tool
Literally god tier content
best teacher ever
Great layout of material.
Found what I am looking for thanks.
The best educational videos
7:11 Th res.Status Should be 401 Not 403
401 Means Unauthorized , Forbidden Mean He is Sign Up But he doesn't have the permission to access to the given operation.
Thank You btw !
kakashi hatake😍😍
Thanks for the great tutorial. In the end, I'm just wondering (if we work with real data obtained from the database), what is the best way to filter the data (in this case the scopedProjects function).
If we have a lot of data, in this case we need to fetch all of them and then filter them. Isn't it better (in terms of performance) to check the role first and then pull only specific (filtered on db query level) data from the database?
I've got a permission system where the permissions are strings like "mail.create" or "mail.*". Each user has an array of permissions, and the permission strings are referenced in a POJO that maps object keys to permission names. So if you have an endpoint that should be accessible to anyone with a mail permission, you call `hasAnyPermission(req.user, Permissions.mail)` where Permissions.mail is an object containing more fine-grained permissions, and that endpoint would be accessible to anybody with a "mail.(whatever)" permission. "*" is a wildcard that refers to all sub-permissions, so if someone has the permission "*" then they're a superuser, and if they have the permission "boards.*" then they can do anything on any image board. There are some functions, like `hasAnyPermission` or `hasPermission` that you stick at the beginning of your route handler to enforce the permissions.
Of course you don't have to put them at the beginning of your route handler - the entire frontend of the app is handlebars so I also use them on specific pages where I want to display some items/links but each link requires a separate permission. I'm actually pretty surprised that I've made it this far using only handlebars and plain JS for the frontend. The backend is NodeJS with Typescript which is great but I've managed to write a multiplayer FPS almost entirely in plain JS (server-side is that typescript nodejs I just mentioned) and build a forum engine and now I've set up a mail server and a way for users to create and manage email addresses on my domain. handlebars may not be flashy but damn if I like it
Nicely explained
Thank you, Kyle.
Awesome video !!!
Every time I get stuck in something and try to solve a problem by myself. I'm always ended up on your video finding a solution
great as usual
thanks for this man
Very useful. Thank you..
I would recommend to assign every role an int so you can calculate up and downwards !
Edit: To calculate the inheritance of the groups if given!
Why ? explain briefly please..
@@montasirmahmud3585 Then you can just use bit calculations to check if a role is hierarchically over another role or not by for example using >=
Loved it :)
More tutorials please!
best video, way to go
Awesome video
Kyle!!!
I want to store a string like '' string'' in a variable, which each character store in a variable or array, which come from an input
Very good ❤
So good tutorial
Lovved it thanks
Hi. Can you give me an idea how to apply this logic
User submitted a form if admin approved that user's form it will be shown otherwise not
Hey Kyle, what if we need to do a slightly different style of authentication. Say for example, you've built an accounting app where you can create/manage invoices & payments etc.. and you want to invite someone else to have access to your account. How would we make this work?
How would you share the permissions logic between the node backend and a ... lets say, react frontend?
great video bro, please do a MERN project like this with frontend
it's so great thanks a lot man !!! i wonder if you made a frontend part using React/Redux it will be helpful !! :D
actually, login logout page usually in public folder so its is preferred to be made using HTML & CSS only
thanks you are a legend
Nice explanation
I like your teaching style and I got correct concept from you when I search. can you upload videos with hindi dubbing? is it possible.
Thanks a lot ! great video !
Please how can i protect my front-end routes using those APIs ?
For example, when users login, the Admin would have route to the admin page but normal users not ? is it secure to check roles in the front-end ?
Good tutorial, why sometimes did you use es6 and sometimes not ?
I added this video to my Gold Collection
What if we create capabilities for each action, and then assign that capability to the roles so that one capability can be assign to the multiple roles.