
# Overview

CKEditor Cloud Services authenticates users and verifies their identity, so it must also be told which resources each user has access to. For this purpose, CKEditor Cloud Services uses tokens and a permissions mechanism.

To simplify providing information about permissions, CKEditor Cloud Services uses roles. A role contains a set of permissions describing the actions that the user can and cannot perform.

All information about the roles should be included in the token.

# Roles for Easy Image

There is no need to specify any roles for Easy Image, because they are assigned to the environment. It means that each user that belongs to the environment is allowed to upload images. After the upload, images are public and can be downloaded without any restrictions.

# Roles for Collaboration

The user is authorized to access only the documents listed in auth.collaboration and may have a different role in each document.

{
    "auth": {
        "collaboration": {
            "doc-1": {
                "role": "reader"
            },
            "doc-2": {
                "role": "commentator"
            },
            "doc-3": {
                "role": "writer"
            }
        }
    }
}

The list of documents to which the user is authorized should be specified by providing their IDs or patterns (if the user has access to a group of documents).

A valid document ID should only contain letters, numbers and dashes.

# Roles

Each role contains a set of permissions describing the actions that the user can and cannot do.

CKEditor Cloud Services provides 3 roles:

  • reader – A user with this role has read-only access to the document. It means that the user is NOT authorized to make any changes to the document (including commenting).
  • commentator – A user with this role has read-only access to the document and is authorized to comment. It means that the user is NOT allowed to modify the content of the document but is allowed to comment.
  • writer – A user with this role has full access to the document. It means that the user is authorized to make any changes to the document (including commenting).

# Patterns

Patterns make it easier to define permissions for a group of documents. You can provide a pattern with wildcard characters instead of the document ID. The pattern will cover multiple document IDs.

Example: The following sample defines a user that has the reader role in all documents matching the pattern: docs-*. Examples of matching documents could be: docs-titlepage and docs-category-document.

{
    "auth": {
        "collaboration": {
            "docs-*": {
                "role": "reader"
            }
        }
    }
}
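
The rules above (document IDs limited to letters, numbers and dashes, the three roles, and wildcard patterns) can be checked on the server before the token is signed. The following is an added example, not code from CKEditor Cloud Services: the function name buildCollaborationClaim, its input shape and the refusal of wildcard-only patterns are assumptions of this example.

```javascript
// Added example: builds the auth.collaboration part of a token payload.
// buildCollaborationClaim and its input shape are hypothetical names.
const ROLES = new Set(["reader", "commentator", "writer"]);
// Letters, numbers and dashes, plus "*" (the wildcard used in "docs-*").
const ID_OR_PATTERN = /^[A-Za-z0-9*-]+$/;

function buildCollaborationClaim(grants) {
  const collaboration = {};
  for (const { doc, role } of grants) {
    if (typeof doc !== "string" || !ID_OR_PATTERN.test(doc)) {
      throw new Error(`invalid document ID or pattern: ${JSON.stringify(doc)}`);
    }
    if (!ROLES.has(role)) {
      throw new Error(`unknown role for ${doc}: ${JSON.stringify(role)}`);
    }
    // Assumption of this example, not a service rule: a pattern made only of
    // wildcards would cover every document, so it is refused.
    if (/^\*+$/.test(doc)) {
      throw new Error("wildcard-only pattern refused");
    }
    // A repeated key in a JSON object is collapsed to a single entry by
    // JSON.parse, so a second grant for the same ID or pattern is an error.
    if (Object.prototype.hasOwnProperty.call(collaboration, doc)) {
      throw new Error(`duplicate entry for ${doc}`);
    }
    collaboration[doc] = { role };
  }
  return { auth: { collaboration } };
}

// Constructed sample input.
const sampleGrants = [
  { doc: "doc-1", role: "reader" },
  { doc: "doc-2", role: "commentator" },
  { doc: "docs-*", role: "writer" },
];
console.log(JSON.stringify(buildCollaborationClaim(sampleGrants), null, 4));
```

The returned object is meant to be merged into the token payload before signing, so a malformed or duplicated grant is rejected before it can reach a signed token.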