## Function Authorization `Function authorization` mainly solves such problems: `who` can access `which functions` of backend > One `function` can correspond to one or more `API routes` > `Menu` is a special `function` ## Authorization Ways There are three ways of authorization: `Artificial Authorization`, `Initial Authorization`, `Test Authorization` The API methods for `initial authorization` and `test authorization` are as follows: ### addRoleFunction `a-base/backend/src/config/middleware/adapter/role.js` ``` javascript async addRoleFunction({ roleId, functionId, roleRightId = 0 }) ``` |Name|Description| |--|--| |roleId|RoleId to be authorized| |functionId|FunctionId| |roleRightId|If it is `atom action menu`, the authorization record of the atom action is saved here| ### addRoleFunctionBatch `a-base/backend/src/config/middleware/adapter/role.js` ``` javascript // const roleFunctions = [ // { roleName: 'root', name: 'listComment' }, // ]; async addRoleFunctionBatch({ module, roleFunctions }) ``` |Name|Description| |--|--| |module|module name. If it is empty, the current module name will be used| |roleFunctions|array of authorization records | ### For Example `src/suite-vendor/test-party/modules/test-party/backend/src/service/version.js` ``` javascript // roleFunctions const roleFunctions = [ { roleName: 'root', name: 'kitchenSink' }, ]; await this.ctx.meta.role.addRoleFunctionBatch({ roleFunctions }); ``` ## Menu of `Atom Action` There are two special menu items: `Create Atom` and `Atom List`, whose permissions are associated with `Atom Actions`. For example, when we configure the actions permissions of `create` and `read` for `party`, then we have corresponding permissions for the menus of `Create Party` and `Party List` ## Authorization Checking Authorization can be checked by `middleware` or `API` ### Check by Middleware CabloyJS uses the global middleware `right` to encapsulate the logic of authorization checking. It only needs to configure the corresponding middleware parameters on the API route `src/suite-vendor/test-party/modules/test-party/backend/src/routes.js` ```javascript { method: 'post', path: 'kitchen-sink/guide/echo9', controller: testKitchensinkGuide, meta: { right: { type: 'function', name: 'kitchenSink', }, }, }, ``` |Name|Description| |--|--| |right|the global middleware `right`, which is enabled by default, only needs to configure parameters| |type|authorization type. here is `function authorization`| |name|function name| ### Check by API `src/suite-vendor/test-party/modules/test-party/backend/src/controller/test/function/public.js` ```javascript // check right function const pass = await this.ctx.meta.function.checkRightFunction({ function: { module: 'test-party', name: 'testFunctionPublic', }, user: userTom, }); assert.equal(!!pass, true); ```