I’m messing around with CBSecurity and using the JWTService as my validator. I am trying to create some security rules based on the type of the logged-in user (e.g. “Administrator” or “Consumer”). I am under the assumption that the proper way to do this is by using role-based rules as mentioned in the documentation.
How do I assign a role to my User entity that CBSecurity can pick up without using CFLoginUser? If I use the permissions key in my CBSecurity rules, the system will run hasPermission() on the User entity which makes sense. Is there similar functionality that I can use to also handle roles?
I see from the page you linked that cbsecurity.interfaces.IAuthUser has the method hasPermission() which I assume the JWTService uses when it needs to make sure the User has a particular permission. However, I don’t see anything about Roles. In other words, even if I created a method in my User entity called hasRole(), how would JWTService or CBAuth know to look for it? Were you suggesting that I would need to create my own authentication service instead of using the built-in ones?
It looks like the stock version of cbSecurity only does role checking if you’re using the CFValidator… so if my suspicions are right, if I want to use the JWTService service validator, I need to stay away from roles and use permissions only.
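One way to act on the "permissions only" conclusion above is to let the User entity's hasPermission() treat the user's role as one more permission, so rules can name it through the permissions key. This is an added example, not code from the thread or from CBSecurity: the `User` component, its `role` property, the `ROLE_` prefix and the sample rules are assumptions, and only the permission check is shown, not the other methods the interfaces require.

```cfml
// models/User.cfc -- hypothetical entity; only the permission check is shown
component accessors="true" {

    property name="id"          default="";
    property name="role"        default="";   // e.g. "Administrator" or "Consumer"
    property name="permissions" type="array";

    function init(){
        variables.permissions = [];
        return this;
    }

    // Called for a rule's "permissions" key, as described in the posts above.
    // Assumption: the argument may be a list or an array; ANY match grants access.
    boolean function hasPermission( required permission ){
        var wanted = isArray( arguments.permission )
            ? arguments.permission
            : listToArray( arguments.permission );

        // Effective grants = explicit permissions + one derived from the role.
        var granted = duplicate( variables.permissions );
        if ( len( trim( variables.role ) ) ) {
            arrayAppend( granted, "ROLE_" & uCase( trim( variables.role ) ) );
        }

        // Exact, case-insensitive match per entry; an empty request is denied.
        for ( var p in wanted ) {
            if ( arrayFindNoCase( granted, trim( p ) ) ) {
                return true;
            }
        }
        return false;
    }

}

// Constructed sample rules: the role is expressed through the permissions key.
// { secureList : "^admin",  permissions : "ROLE_ADMINISTRATOR" }
// { secureList : "^orders", permissions : "ROLE_ADMINISTRATOR,ROLE_CONSUMER" }
```

Keeping the derived name behind a fixed prefix stops an ordinary permission string from accidentally matching a role name.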