DEV Community

Rodel Talampas
Authorisation using NodeJS, AzureAD and MongoDB (Part 1 - Design)

Application administrators use roles to group permissions together and assign them to individual users or groups of users. These permissions determine the actions a user is able to take within a particular application. The roles assigned to a user depend on that user's tasks within the application. For instance, in a simple inventory application, users who are analysts might only need permission to browse and download, but not to modify information. Within that same analyst group, however, a senior analyst may be granted full permissions so they can modify existing data or create/upload new inventory data.

In general, roles are used to make it easier to manage permissions by allowing administrators to assign a set of permissions to a user or group of users all at once, rather than having to assign individual permissions one at a time. This can make it more efficient to set up and manage access controls within an application.

A role is therefore defined as a collection of permissions that are grouped together and assigned to a user or group of users. A permission, on the other hand, is a specific action or set of actions that a user is allowed to take within a particular application.

I am designing an integration between AzureAD and MongoDB collections using NodeJS. Roles/Groups will be created in AzureAD and synced into MongoDB for application use, so the application authorises against its own copy of the role membership rather than against the identity provider on every request. Each role has its own set of permissions, and a user can hold one or more roles.

Data Definition

Permission Schema

const mongoose = require('mongoose');

// A permission is a single named action, e.g. 'inventory:read'.
const permissionSchema = new mongoose.Schema(
  {
    permission: {
        type: String,
        // unique builds a unique index in MongoDB; it is not a Mongoose
        // validator, so the index must exist before duplicates are rejected.
        unique: true,
        required: true
    }
  },
  {
    timestamps: true,
  }
);

const Permission = mongoose.model('Permission', permissionSchema);

Role Schema

// A role is a named collection of permissions, referenced by ObjectId.
const roleSchema = new mongoose.Schema(
  {
    role: {
        type: String,
        unique: true,
        required: true
    },
    permissions: [
      {
        permissionId: {
          type: mongoose.Schema.Types.ObjectId,
          ref: 'Permission',
        },
      },
    ]
  },
  {
    timestamps: true,
  }
);

const Role = mongoose.model('Role', roleSchema);

User Schema

const userSchema = mongoose.Schema(
  {
    firstName: {
      type: String,
      required: true,
    },
    lastName: {
      type: String,
      required: true,
    },
    phone: {
      type: String,
      required: true,
    },
    email: {
      type: String,
      required: true,
      unique: true,
      lowercase: true,
    },
    roles: [
      {
        roleId: {
          type: mongoose.Schema.Types.ObjectId,
          ref: 'Role',
        }
      },
    ],
  },
  {
    timestamps: true,
  }
);

const User = mongoose.model('User', userSchema);
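The three schemas above only store the data. As an added example that is not part of the original post, the JavaScript below shows how a request handler would use those documents: resolve a user's roles to an effective set of permission strings, skip dangling references rather than treating them as a grant, and deny by default in an Express-style middleware. The documents are constructed in memory in the shape the schemas produce (ObjectIds shown as strings), so it runs without MongoDB; the names `requirePermission`, `simulate` and the `inventory:*` permission strings are assumptions for illustration.

```javascript
// Added example (not from the original post): authorisation check over the
// Permission/Role/User document shapes defined above. Constructed sample data,
// no database connection required.

// Constructed sample data shaped like the stored documents; ObjectIds as strings.
const permissions = [
  { _id: 'p1', permission: 'inventory:read' },
  { _id: 'p2', permission: 'inventory:download' },
  { _id: 'p3', permission: 'inventory:write' },
];

const roles = [
  { _id: 'r1', role: 'analyst',        permissions: [{ permissionId: 'p1' }, { permissionId: 'p2' }] },
  { _id: 'r2', role: 'senior-analyst', permissions: [{ permissionId: 'p1' }, { permissionId: 'p2' }, { permissionId: 'p3' }] },
  // A role whose permission document was deleted: a dangling reference.
  { _id: 'r3', role: 'legacy',         permissions: [{ permissionId: 'p-deleted' }] },
];

const users = [
  { _id: 'u1', email: 'ana@example.com', roles: [{ roleId: 'r1' }] },
  { _id: 'u2', email: 'sam@example.com', roles: [{ roleId: 'r1' }, { roleId: 'r2' }] },
  // Holds a dangling role reference and a role with a dangling permission.
  { _id: 'u3', email: 'old@example.com', roles: [{ roleId: 'r3' }, { roleId: 'r-missing' }] },
];

const byId = (docs) => new Map(docs.map((d) => [String(d._id), d]));
const permissionById = byId(permissions);
const roleById = byId(roles);
// Emails are stored lowercased (lowercase: true in the schema), so look up the same way.
const userByEmail = new Map(users.map((u) => [u.email.toLowerCase(), u]));

// Resolve user -> roles -> permissions into a Set of permission strings.
// Unknown roleIds/permissionIds are skipped, never treated as a wildcard:
// bad data can only shrink the result, not grow it.
function effectivePermissions(user) {
  const result = new Set();
  for (const { roleId } of user.roles ?? []) {
    const role = roleById.get(String(roleId));
    if (!role) continue;
    for (const { permissionId } of role.permissions ?? []) {
      const perm = permissionById.get(String(permissionId));
      if (perm) result.add(perm.permission);
    }
  }
  return result;
}

function hasPermission(user, required) {
  return effectivePermissions(user).has(required);
}

// Express-style middleware factory (hypothetical name). Assumes an upstream
// authentication step, e.g. validating the AzureAD token, has set
// req.user = { email }. Identity comes from the token; permissions come from
// the application's own collections, so token claims alone never grant access.
function requirePermission(required) {
  return function (req, res, next) {
    const email = req.user?.email?.toLowerCase();
    const user = email ? userByEmail.get(email) : undefined;
    if (!user) return res.status(401).end();                            // unauthenticated or not provisioned
    if (!hasPermission(user, required)) return res.status(403).end();   // deny by default
    return next();
  };
}

// Drive the middleware with a fake req/res and return the HTTP status reached
// (200 means next() was called and the handler would run).
function simulate(email, required) {
  let status = 200;
  const req = { user: email ? { email } : undefined };
  const res = { status(code) { status = code; return this; }, end() {} };
  requirePermission(required)(req, res, () => {});
  return status;
}
```

The check runs against the synced MongoDB copy of roles, which is why the sync process matters: a user removed from an AzureAD group keeps their permissions in this application until the next sync, so the sync interval is effectively the revocation delay.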

Management Process


Sync Process


On Load
