DEV Community

Rodel Talampas
Rodel Talampas

Posted on

Authorisation using NodeJS, AzureAD and MongoDB (Part 1 - Design)

#node #azure #mongodb #programming

Application administrators use roles to group together permissions and assign them to individual users or groups of users. These permissions determine the actions that a user is able to take within a particular software. The roles that are assigned to a user depend on their tasks within the application itself. For instance, in a simple inventory application, users who are analysts might only need permissions to browse and download, but not to modify or change information. However, in an analyst group, a senior analyst may be granted full permissions to allow them to modify existing data or create/upload new inventory data.

In general, roles are used to make it easier to manage permissions by allowing administrators to assign a set of permissions to a user or group of users all at once, rather than having to assign individual permissions one at a time. This can make it more efficient to set up and manage access controls within an application.

A role is therefore defined as a collection of permissions that are grouped together and assigned to a user or group of users. A permission, on the other hand, is a specific action or set of actions that a user is allowed to take within a particular application.

I am designing an integration with AzureAD, and MongoDB collections using NodeJS. Roles/Groups will be created in AzureAD that will be synced in MongoDB for application usage. Each role will have its own permissions and Users can have one or more roles.

Data Definition

Permission Schema 

const permissionSchema = mongoose.Schema(
  {
    permission: {
        type: String,
        unique: true,
        required: true
    }
  }
  {
    timestamps: true,
  }
);

const Permission = mongoose.model('Permission', permissionSchema);
Enter fullscreen mode Exit fullscreen mode

Role Schema 

const roleSchema = mongoose.Schema(
  {
    role: {
        type: String,
        unique: true,
        required: true
    },
    permissions: [
      {
        permissionId: {
          type: mongoose.Schema.Types.ObjectId,
          ref: 'Permission',
        },
      },
    ]
  }
  {
    timestamps: true,
  }
);

const Role = mongoose.model('Role', roleSchema);
Enter fullscreen mode Exit fullscreen mode

User Schema 

const userSchema = mongoose.Schema(
  {
    firstName: {
      type: String,
      required: true,
    },
    lastName: {
      type: String,
      required: true,
    },
    phone: {
      type: String,
      required: true,
    },
    email: {
      type: String,
      required: true,
      unique: true,
      lowercase: true,
    },
    roles: [
      {
        roleId: {
          type: mongoose.Schema.Types.ObjectId,
          ref: 'Role',
        }
      },
    ],
  },
  {
    timestamps: true,
  }
);

const User = mongoose.model('User', userSchema);
Enter fullscreen mode Exit fullscreen mode

Management Process

Image description

Sync Process

Image description

On Load

Image description

Top comments (0)

Read next

cat2d2 profile image

New open-source multiplayer canvas game!

kit2d2 -

matin_shaikh_35f05c9baa2b profile image

My Experience with the OSS.GG Hackathon: Diving into Open Source with Twenty, Unkey, and Formbricks

Matin Shaikh -

aralroca profile image

Brisa Framework Presentation - October 2024

Aral Roca -

1noshishi profile image

Sealed Interfaces vs. Sealed Classes in Kotlin: When and Why to Use Each

Valerii Popov -