Build a blog with Areto Node.js framework

Administration module

Easily develop and manage the different parts of an application using modules.

Blog's administration module

Create the modules/admin directory in the root of the application. The file structure within the module can be equal to the structure of the application files. In fact, the module contains a sub application. The module can have its own configuration, inherit or create components that contain child modules.

The areto/filters/AccessControl filter is used in the Admin class objects to protect the admin module from unauthorized access. This filter based on rules defined in the rules parameter. Each rule element initializes the areto/filters/AccessRule class object.

This allow property defines the type of rules allowing (true) or forbidding (false). The roles property contains an array of roles that use this rule. In addition to roles in the rbac/items file, there are two built-in roles:

  • ? - an anonymous (guest) user.
  • @ - a logged-on user.

If a user is anonymous, the filter will redirect him to the login form. If a user is logged and does not have access, then the "403 Access Denied" message is displayed.


'use strict';
const Base = require('areto/base/Module');
class Admin extends Base {
  static getConstants ()  {
    return {
      BEHAVIORS: {
        access: {
          Class: require('areto/filters/AccessControl'),
          rules: [{
            allow: true,
            roles: ['reader']
module.exports = new (Admin.init(module));

Append the modules section with the admin module in the application configuration. Now all administrative actions will be available at /admin/{controller}/{action}.


module.exports = {
  modules:  {
    'admin': {}