PermissionService methods
Arguments: An object with keys: 'name' (string) the role name, 'permissions' (permission object or array of permission objects), 'users' (optional string array).
Description: Create a role, grant permissions to that role, and assign users to the role. See reference objects for the required fields for a permissions object. Note that for this method, 'role' should not be set on the permission object.
Arguments: permissions (one or more permissions objects - see reference objects for the required fields for a permissions object).
Description: Grant new permissions to a role.
Arguments: An object containing the keys: 'role' (string) the role name, 'model' (string) the model name, 'action' (string - 'create', 'read', 'update', or 'delete'), 'relation' (string - 'role' or 'owner').
Description: Revoke the permission for the specified model/action/relation combination from the specified role.
Arguments: usernames (string or string array), rolename (string).
Description: Add the user or users to the specified role.
Arguments: usernames (string or string array), rolename (string).
Description: Remove the user or users from the specified role.
Arguments: A model instance or array of model instances, and a user instance.
Description: Given an object, or a list of objects, return true if the list contains objects not owned by the specified user.
Arguments: A user id and then a model instance.
Description: This is a curried function that takes a user id, and returns a function that takes a model instance. This second function returns whether the specified model instance is NOT owned by the specified user.
Arguments: Express request object
Description: Find objects that some arbitrary action would be performed on, given the same request. This is used to examine the models that are returned from the query for permissions purposes.
Arguments: An object with keys: 'method' (string), 'model' (object), 'user' (object)
Description: Query Permissions that grant privileges to a role/user on an action for a model.
Arguments: A model instance or list of model instances, an array of permissions, the body of the request (create/update requests) or the response (read requests)
Description: Given a list of objects, determine if they all satisfy at least one permission's where clause/attribute blacklist combination. The third argument is used for the blacklist, and is not relevant for a delete request.
Arguments: request body (create/update requests) or response (read requests), array of blacklisted strings
Description: Given an array of blacklist attributes and an object, determine if the object's keys and the blacklist array intersect.
Arguments: model instance
Description: Return true if the specified model supports the ownership policy; false otherwise.
Arguments: An object with keys: 'method' (string), 'model' (object instance), 'user' (user instance)
Description: Build an error message.
Arguments: action (string - 'GET', 'POST', 'UPDATE', 'DELETE')
Description: Given an action, return the CRUD method it maps to. For instance, POST maps to create and GET maps to read.
A permission object must have the keys: 'action' (string), 'model' (string), 'role' (string). It can optionally have the keys 'criteria' (criteria object or array of criteria objects) and 'relation' (string - either 'role' or 'owner', defaults to 'role').
A criteria object must have one (and may have both) of the keys: 'where' (waterline query object), 'blacklist' (string array).
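The criteria check and the blacklist intersection described above, sketched as an added example; this is not sails-permissions source code. The function names are hypothetical, the 'where' matcher is simplified to flat equality instead of a full waterline query, and two behaviours are assumptions of the example: a permission without criteria is treated as unrestricted, and an empty permissions list denies.

```javascript
// Added illustration, not sails-permissions source. All function names are hypothetical.

// True when any key of `body` is in the blacklist (the documented intersection check).
// A missing body (for example a delete request) never touches the blacklist.
function touchesBlacklist(body, blacklist) {
  if (!body || !Array.isArray(blacklist) || blacklist.length === 0) return false;
  return Object.keys(body).some((key) => blacklist.includes(key));
}

// Simplified stand-in for a waterline 'where': flat equality on each listed field.
function matchesWhere(object, where) {
  if (!where) return true;
  return Object.keys(where).every((field) => object[field] === where[field]);
}

// 'criteria' may be absent, a single criteria object, or an array of them.
function criteriaOf(permission) {
  if (permission.criteria === undefined || permission.criteria === null) return [];
  return [].concat(permission.criteria);
}

// Every object must satisfy at least one where/blacklist combination of at least
// one permission. Assumptions of this example: a permission with no criteria is
// unrestricted, and an empty permissions list denies.
function allObjectsPass(objects, permissions, body) {
  if (!Array.isArray(permissions) || permissions.length === 0) return false;
  return [].concat(objects).every((object) =>
    permissions.some((permission) => {
      const criteria = criteriaOf(permission);
      if (criteria.length === 0) return true;
      return criteria.some(
        (c) => matchesWhere(object, c.where) && !touchesBlacklist(body, c.blacklist)
      );
    })
  );
}

// Constructed sample data: editors may update draft articles, but not
// change 'ownerId' or 'status' while doing so.
const permissions = [{
  action: 'update', model: 'Article', role: 'editor',
  criteria: [{ where: { status: 'draft' }, blacklist: ['ownerId', 'status'] }]
}];
const draft = { id: 1, status: 'draft', ownerId: 7 };
const published = { id: 2, status: 'published', ownerId: 7 };
```

The blacklist is evaluated against the request body or response, not against the stored object, so a permitted 'where' match can still be rejected by the fields the caller tries to write.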