Diligence is still under development and incomplete, and some of this documentation is wrong.
For a more comprehensive but experimental version download the Savory Framework,
which was the preview release of Diligence.
When used with the authentication service, this service lets you secure your site by allowing only authorized users to access certain resources or perform certain operations.
Entities and Inheritance
Permissions are associated with "entities," which could be either individual users, from the authorization service, or groups, which are here stored in a simple MongoDB collection.
Each entity can inherit permissions from any number of other entities, in order. The common use case is for a user to "belong" to a few groups, and inherit their permissions. This lets you centrally manage permissions for large groups of users, and easily change a user's permission profile by changing their groups. Entities can inherit from other entities, and so on.
Permissions will be overridden by the inheritor: for example, if you specifically grant a user permission to edit a certain page, they will have this permission even if the group they inherit from specifically forbids it. The order of inheritance also allows for overriding.
The common practice is to name permissions using a hierarchical dot notation, with each level of depth corresponding to moving into a specific section, resource or operation in your application. In some cases, it may make sense to treat a permission as if it covers all sub-permissions in a hierarchy. Here we call this "cascading permissions."
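The inheritance, override and cascading rules described above, as an added JavaScript example (not Diligence's own code or API). The entity and permission names are constructed, and three rules the page does not specify are assumptions: earlier-listed parents take precedence, the most specific dotted name wins, and a permission nobody mentions is denied.

```javascript
// Added example, not Diligence's API. Entity names, permission names and
// every rule marked "assumption" are constructed for illustration.
const entities = {
  // Constructed sample data: two groups and one user who inherits from both.
  staff:   { inherits: [], permissions: { 'wiki': true, 'wiki.page.delete': false } },
  interns: { inherits: [], permissions: { 'wiki.page.edit': false } },
  alice:   { inherits: ['interns', 'staff'], permissions: { 'wiki.page.edit.home': true } }
};

// Look up a permission on one entity only. With cascading, a setting on
// "wiki" also covers "wiki.page.edit"; the most specific setting wins (assumption).
function ownSetting(entity, name, cascade) {
  const parts = name.split('.');
  while (parts.length > 0) {
    const key = parts.join('.');
    if (Object.prototype.hasOwnProperty.call(entity.permissions, key)) {
      return entity.permissions[key];
    }
    if (!cascade) break;
    parts.pop(); // move one level up the dotted hierarchy
  }
  return undefined; // this entity says nothing about the permission
}

// Resolve a permission: the entity's own setting overrides anything inherited,
// then parents are consulted in their listed order, earlier first (assumption).
function resolve(store, id, name, cascade, seen = new Set()) {
  if (seen.has(id) || !Object.prototype.hasOwnProperty.call(store, id)) return undefined;
  seen.add(id); // guard against inheritance cycles
  const own = ownSetting(store[id], name, cascade);
  if (own !== undefined) return own;
  for (const parent of store[id].inherits) {
    const inherited = resolve(store, parent, name, cascade, seen);
    if (inherited !== undefined) return inherited;
  }
  return undefined;
}

// Default deny: a permission nobody in the chain mentions is not granted (assumption).
function isPermitted(store, id, name, cascade = true) {
  return resolve(store, id, name, cascade) === true;
}
```

Swapping the order of `alice`'s groups changes the result for `wiki.page.edit.about`, because `staff` grants it through the cascading `wiki` entry while `interns` forbids it.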
The Diligence Manual is provided for you under the terms of the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The complete manual is available for download as a PDF.