I'm building a SaaS application with the MEAN stack (Node.js, Express.js, MongoDB and Angular), and I'm starting with a REST API that the Angular frontend will consume.
I have most of it figured out, and this is the first app that I've built with this technology, so I have a question about ACL and permissions.
I'm going to have 4 areas; let's say they're: books, cars, magazines, toys.
And in my app I say John can read/write books, cars and toys, but only read his own magazines.
So my question is this: In PHP (my usual language), I would just set up access tables that say who can see what section and then, in an individual record, make sure they have rights.
How would this same sort of deal be implemented with a REST API built on Express?
I'm not looking for a code-level explanation, just ideology, so I can get my mind on the right track to build this.
I am using this acl middleware on a few Express applications.
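The two-level check the question describes (a section-level access table, then a per-record ownership test), written as Express-style middleware. This is an added example, not part of the question or the answer, and it is not the API of the acl middleware mentioned above. The names `PERMISSIONS`, `isAllowed`, `authorize`, `loadRecord`, `req.user.id` and `ownerId` are assumptions, and ids are assumed to be plain strings.

```javascript
// Constructed permission table: user -> section -> action -> scope.
// "any" = every record in the section, "own" = only records the user owns.
const PERMISSIONS = {
  john: {
    books: { read: "any", write: "any" },
    cars: { read: "any", write: "any" },
    toys: { read: "any", write: "any" },
    magazines: { read: "own" }, // no write entry, so writes are denied
  },
};

// Own-property test so keys like "__proto__" never resolve to inherited values.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Section-level lookup; anything not listed returns null (default deny).
function scopeFor(userId, section, action) {
  const sections = has(PERMISSIONS, userId) ? PERMISSIONS[userId] : {};
  const actions = has(sections, section) ? sections[section] : {};
  return has(actions, action) ? actions[action] : null;
}

// Decision: section check first, then record ownership for the "own" scope.
function isAllowed(userId, section, action, record) {
  const scope = scopeFor(userId, section, action);
  if (scope === "any") return true;
  if (scope === "own") return Boolean(record) && record.ownerId === userId;
  return false;
}

// Express-style middleware factory. Assumes an earlier authentication step set
// req.user, and that loadRecord(req) (hypothetical) fetches the target record.
function authorize(section, action, loadRecord) {
  return async (req, res, next) => {
    try {
      if (!req.user) return res.status(401).json({ error: "unauthenticated" });
      const record = loadRecord ? await loadRecord(req) : null;
      if (!isAllowed(req.user.id, section, action, record)) {
        return res.status(403).json({ error: "forbidden" });
      }
      return next();
    } catch (err) {
      return next(err); // a failed lookup must never fall through to the handler
    }
  };
}
```

A route would mount it ahead of its handler, for example `authorize("magazines", "read", loadMagazine)` on `GET /magazines/:id`. Collection routes under an "own" scope are denied here because no single record is loaded; they need the owner filter applied in the database query instead.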