Managing Permissions
A guide to the database-driven permission system in Nuxt Auto CRUD.
1. The Core Concepts
Users
The actual people logging in.
Roles
Labels like "Admin", "Manager", or "Support" that group users together.
Resources
The parts of your application you want to protect (e.g., "users", "tickets", "products").
Permissions
The specific actions allowed (e.g., "create", "read", "update", "delete", "list").
2. How to Manage Access
A. Create a New Role
If you need a new type of user (e.g., "Editor"), you simply add a row to the `roles` table.
Action: Insert a new record into the `roles` table.
Example: Name = "Editor"
B. Define a Resource
If you create a new feature (e.g., a "Blog"), you need to register it as a resource.
Action: Insert a new record into the `resources` table.
Example: Name = "blog_posts"
C. Grant Permissions
To say "Editors can update blog posts", you link the three concepts together in the `role_resource_permissions` table.
Action: Insert a record linking Role ID, Resource ID, and Permission ID.
Example: Link Editor ID + blog_posts ID + update ID
D. Assign a Role to a User
Finally, to give a user these powers, you just assign them the role.
Action: Select the Role for a specific user in the `users` table.
Example: Select "Editor" for user "john@example.com"
Summary of Tables
| Table Name | Purpose |
|---|---|
| roles | Define who exists (Admin, Guest, etc.). |
| resources | Define what exists (Products, Orders, etc.). |
| permissions | Define actions (Create, Read, Update, Delete). |
| role_resource_permissions | The Master Switch. Connects Role + Resource + Action. |
| users | Assigns a Role to a specific person via the Role field. |