- Create a web application with four entities: Company, Article, User and Role.
- A Company has many Articles. A User has and belongs to many Companies through the Roles table.
- Each Company has one super admin.
- The super admin of a company should be able to give users specific access to the Company and its Articles.
- The access levels are:
- A User can be an ADMIN of a Company. He can see and edit all the articles that belong to the company.
- A User can be a MEMBER of a Company. He can see the Articles but cannot edit them.
- If a User is a MEMBER of a Company, he can be given ADMIN access to an individual Article, which lets him edit that Article.
- A User with no access in a Company should not see its articles.
- Use Casbin for authorisation roles.
- Write a REST API to perform all operations. No HTML pages are needed.
```
gslab_pass=<password for gslab>
kpoint_pass=<password for kpoint>
SECRET=<secret value>
```
```go
// primitive is go.mongodb.org/mongo-driver/bson/primitive (MongoDB ObjectID type).
type User struct {
	ID        primitive.ObjectID `json:"_id" bson:"_id"`
	FirstName string             `json:"first_name" bson:"first_name"`
	LastName  string             `json:"last_name" bson:"last_name"`
	Email     string             `json:"email" bson:"email"`
	// Note: with this json tag the stored password is serialised whenever a User is encoded into an API response.
	Password string `json:"password" bson:"password"`
}

// Role is a predefined role name (superadmin, admin, member).
type Role struct {
	ID   primitive.ObjectID `json:"_id" bson:"_id"`
	Name string             `json:"name" bson:"name"`
}

// UserRole is one user's role within one company (user_role collection).
type UserRole struct {
	UserID    string `json:"user_id" bson:"user_id"`
	CompanyId string `json:"company_id" bson:"company_id"`
	Role      string `json:"role" bson:"role"`
}

// Article belongs to exactly one company.
type Article struct {
	ID        primitive.ObjectID `json:"_id" bson:"_id"`
	CompanyID string             `json:"company_id" bson:"company_id"`
	Body      string             `json:"body" bson:"body"`
}
```
5. article_role: used when a user has a role on a particular article that differs from his company role, which gives finer control per article.
```go
// ArticleRole is a per-article override of a user's company role (article_role collection).
type ArticleRole struct {
	UserID    string `json:"user_id" bson:"user_id"`
	CompanyId string `json:"company_id" bson:"company_id"`
	ArticleId string `json:"article_id" bson:"article_id"`
	Role      string `json:"role" bson:"role"`
}

type Company struct {
	ID   primitive.ObjectID `json:"_id" bson:"_id"`
	Name string             `json:"name" bson:"name"`
}
```
1. The superadmin user details for each company must be inserted initially.
2. The same user must also be added with the superadmin role in the user_role collection.
3. All company details must be inserted in the company collection.
4. The predefined roles must be added in the role collection.
POST: localhost:8080/login
POST: localhost:8080/user
POST: localhost:8080/company/{company_id}/user/{user_id}/role
GET: localhost:8080/company/{company_id}/article
GET: localhost:8080/company/{company_id}/article/{article_id}
POST: localhost:8080/company/{company_id}/article
PUT: localhost:8080/company/{company_id}/article/{article_id}
DELETE: localhost:8080/article/{article_id}
PUT: localhost:8080/company/{company_id}/user/{user_id}/role
10. To change the role of a user on a particular article: only the superadmin can change another user's role on a particular article.
PUT: localhost:8080/company/{company_id}/user/{user_id}/article/{article_id}/role
API: localhost:8080/login
Method: POST
Payload:
```json
{
  "email": "<user email>",
  "password": "<password>"
}
```
Response:
```json
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJjb21wYW55aWQiOjEsImV4cCI6IjIwMjEtMDctMDZUMTA6MjQ6MTMuNzI5ODU2NTQ3KzA1OjMwIiwidXNlcmlkIjoxLCJ1c2Vycm9sZSI6InN1cGVyYWRtaW4ifQ.x8Ig1OU5JghF0pefemOWcbA_QwOVhqXETHStkhQnxjI"
}
```
API: localhost:8080/user
Method: POST
Description:
1. Only the superadmin of all companies can add a user to the user collection; that user can then be added to multiple companies with the specific API.
2. The user email is unique; a duplicate entry with the same email is not allowed.
Payload:
```json
{
  "first_name": "<firstname>",
  "last_name": "<lastname>",
  "email": "<email>",
  "password": "<password>"
}
```
Response: (for reference only)
```json
{
  "message": "User with email: shubham@gmail.com is added to database with id :- 60ed8b906f708a84e5dac774"
}
```
API: localhost:8080/company/{company_id}/user/{user_id}/role
Method: POST
Description:
1. Only the superadmin has permission to access this API. It adds a user from the user collection into the user_role collection, provided that user is not already present in the user_role collection for the same company.
Payload:
```json
{
  "role": "member"
}
```
Response: (for reference only)
```json
{
  "message": "User with id :60ed8b906f708a84e5dac774 is added to comapny with company_id: 60ebe75e02bcbdc4d7ae5b44 with role:member"
}
```
API: localhost:8080/company/{company_id}/article
Method: GET
Description:
Gets all articles in the given company; only admin, member and superadmin can see them.
Response: (for reference only)
```json
[
  {
    "_id": "60ebc67056152e4ab5c6a5f7",
    "company_id": "60ebc51456152e4ab5c6a5e2",
    "body": "Welcome to GSLAB family!!!"
  },
  {
    "_id": "60ebc67756152e4ab5c6a5fa",
    "company_id": "60ebc51456152e4ab5c6a5e2",
    "body": "Blockchain is future!"
  }
]
```
API: localhost:8080/company/{company_id}/article/{article_id}
Method: GET
Description:
Gets a single article by its article_id in the given company; only admin, member and superadmin can read it.
Response: (for reference only)
```json
{
  "_id": "60ebc67056152e4ab5c6a5f7",
  "company_id": "60ebc51456152e4ab5c6a5e2",
  "body": "Hello Teams"
}
```
API: localhost:8080/company/{company_id}/article
Method: POST
Description:
Only the superadmin can add an article to a company.
Payload:
```json
{
  "body": "Welcome to Kpoint!!"
}
```
Response: (for reference only)
```json
{
  "message": "Article with article id: 60ed8cdc6f708a84e5dac790 is added to company having id: 60ebe75e02bcbdc4d7ae5b44 "
}
```
API: localhost:8080/company/{company_id}/article/{article_id}
Method: PUT
Description:
1. superadmin, admin and member have access to this API, checked by Casbin.
2. A user may have article-specific access apart from his company role, which is verified internally. Roles related to articles are stored in the article_role collection.
Payload:
```json
{
  "body": "Updated article"
}
```
Response:
```json
{
  "message": "Article with id: 60ebc67756152e4ab5c6a5fa is successfully updated!"
}
```
API: localhost:8080/article/{article_id}
Method: DELETE
Description:
1. superadmin, admin and member have access to this API, checked by Casbin.
2. Only superadmin or admin access at the article level grants permission to delete the article.
3. After the article is deleted, all entries related to that article in the article_role collection are deleted as well.
Response: (for reference only)
```json
{
  "message": "Article with id: ObjectID(\"60ed8ccb6f708a84e5dac78d\") is successfully deleted!"
}
```
API: localhost:8080/company/{company_id}/user/{user_id}/role
Method: PUT
Description:
1. Only the superadmin has access to this API, checked by Casbin.
2. After the user's company role is changed, any article_role entry for that user with the same role is deleted, so only entries with a role other than the company role remain in the article_role collection.
Payload:
```json
{
  "role": "admin"
}
```
Response:
```json
{
  "message": "Role for user with id :60ed8b906f708a84e5dac774 is changed to: admin"
}
```
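The access rules behind the article PUT/DELETE APIs and the article_role cleanup behind the role PUT above, worked through as an added in-memory illustration (not the project's Mongo or Casbin code). It assumes a superadmin is never downgraded by an article_role entry, which the README does not state explicitly.

```go
package main

// Added illustration (not the project's code) of the README's access rules,
// kept in memory instead of Mongo. Assumes superadmin is never downgraded.
type UserRole struct{ UserID, CompanyID, Role string }
type ArticleRole struct{ UserID, CompanyID, ArticleID, Role string }

// EffectiveRole is the role that governs one article: an article_role entry
// overrides the company role, but a user with no company role has no access ("").
func EffectiveRole(ur []UserRole, ar []ArticleRole, userID, companyID, articleID string) string {
	base := ""
	for _, r := range ur {
		if r.UserID == userID && r.CompanyID == companyID {
			base = r.Role
		}
	}
	if base == "" || base == "superadmin" {
		return base
	}
	for _, r := range ar {
		if r.UserID == userID && r.CompanyID == companyID && r.ArticleID == articleID {
			return r.Role
		}
	}
	return base
}

// Any company role may read; only admin-level roles may edit or delete.
func CanRead(role string) bool { return role != "" }
func CanEdit(role string) bool { return role == "admin" || role == "superadmin" }

// SetCompanyRole changes the user's company role and drops article_role entries
// that now merely repeat it (the cleanup the PUT .../user/{user_id}/role API describes).
func SetCompanyRole(ur []UserRole, ar []ArticleRole, userID, companyID, role string) ([]UserRole, []ArticleRole) {
	for i := range ur {
		if ur[i].UserID == userID && ur[i].CompanyID == companyID {
			ur[i].Role = role
		}
	}
	var kept []ArticleRole
	for _, r := range ar {
		if !(r.UserID == userID && r.CompanyID == companyID && r.Role == role) {
			kept = append(kept, r)
		}
	}
	return ur, kept
}
```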
API: localhost:8080/company/{company_id}/user/{user_id}/article/{article_id}/role
Method: PUT
Description:
Only the superadmin has access to this API, checked by Casbin. It changes a user's special role on a particular article: the entry is updated in the article_role collection if it is already present, otherwise it is added.
Payload:
```json
{
  "role": "member"
}
```
Response: (for reference only)
```json
{
  "message": "Role for user with email:shubham@gmail.com for articleid: 60ebc67056152e4ab5c6a5f7 is changed to: member"
}
```