Definition
In Eicrud, every authenticated request fetches (from cache or DB) a CrudUser and stores it inside the CrudContext.
Entity
A User entity must be registered in a CrudUserService and passed to the CrudConfigService.
@Entity()
export class User implements CrudUser {
@PrimaryKey({ name: '_id'})
id: string;
@Unique()
@Property()
email: string;
//...
@Injectable()
export class UserService extends CrudUserService<User> {
constructor(protected modRef: ModuleRef) {
const serviceName = CrudService.getName(User);
super(modRef, User, getSecurity(serviceName));
}
}
@Injectable()
export class MyConfigService extends CrudConfigService {
constructor(public userService: UserService, ...) {
super({
userService,
...
});
}
}
Warning
Since User is fetched with every authenticated request, entity size will impact performance. Any information not frequently accessed should be stored in a relationship.
Optimization
The user is retrieved from the cacheManager if present, except in POST requests (create and secure CMDs) where it is always fetched from the database.
To keep your authorization fast, you might want to store useful info in the User entity. It will be available with every request.
async defineCRUDAbility(can, cannot, ctx) {
const userRights = ctx.user.moderationRights;
const required = ctx.query.requiredRights;
if(required.every((a) => userRights.includes(a))){
can('update', 'article');
}
}
Trust
Eicurd keeps a trust score for each user (user.trust) indicating the likeliness of them being a good actor.
Trust score grants additional permissions when options like additionalItemsInDbPerTrustPoints are specified.
You can add your computation to the trust score by overriding the UserService->addToComputedTrust method.
By default, the trust score is computed every 24 hours in UserService->$computeTrust.