Authorization prevents users from acting outside of their intended permissions. In order to do so, users and their roles should be determined with consideration of the principle of least privilege. Each user role should only have access to the resources they must use.
You can use the acl
module to provide ACL (access control list) implementation. With this module, you can create roles and assign users to these roles.
You can read more about it here.
Install the module:
npm install acl # or yarn
Add use it in your code:
var acl = require('acl');acl = new acl(new acl.memoryBackend())// guest is allowed to view blogsacl.allow('guest', 'blogs', 'view')