有没有同行愿意讲解一下mongoose-rbac(Role-Based Access Control,基于角色的访问控制)的用法及mongoDB数据库的设计,mongoose-rbac的github地址:https://github.com/bryandragon/mongoose-rbac
对于mongDB关于后台权限的设计,我想到一种方案: 1.角色里面嵌套菜单,菜单里面嵌套操作,operation是功能菜单对应的表格每一行允许的操作. { "role": { "name": "xxx", "menu": { "home": { "name": "xxx", "url": "xxx", "operation": { "add": true, "delete": true, "edit": true, "query": true } }, "news": { "name": "xxx", "url": "xxx", "operation": { "add": true, "delete": true, "edit": true, "query": true } } } } } 2.用户组里面嵌套用户 { "usergroup": { "name": "xxx", "user": [ { "name": "xxx", "username": "xxx", "password": “xxx” }, { "name": "xxx", "username": "xxx", "password": “xxx” } ] } } 3.然后想办法把usergroup与role这两个集合关联起来,实现给用户组分配权限,同时实现菜单的动态生成,请大家给点意见,谢谢!