@fliege01/purpleberry v1.0.0-dev.3
Introduction
Installation
npm install --save @fliege01/purpleberry
yarn install @fliege01/purpleberryExamples
import PermissionManager from '@fliege01/purpleberry';
const myRoleSchema = {
$version: 1,
statements: [
{
"action": "some.action",
"resource": "*"
},
{
"action": "another.action:any",
"resource": "a.special.resource"
}
]
}
const PM = new PermissionManager();
PM.addRoleSchema('myRole', myRoleSchema);
const roleCtx = PM.createRoleContext('myRole');
roleCtx.can('some.action', 'some.resource', true); // returns true
roleCtx.can('some.action', 'some.resource', false); // returns false since is not owner
roleCtx.can('another.action', 'another.resource', false); // returns false
roleCtx.can('another.action', 'a.special.resource', false); // returns true Policies
PurpleBerry uses role and permission policies to manage single statements of the application. A role can reference to other roles and permission policies. Permission policies can only reference to other permission policies.
Simple dependency schema
Permission
/ \
Role Permission
\ /
Role -- PermissionOwnerships
Each action can points to ressources which are owned or not. If no further informations provided, PurpleBerry will work as the action only matches to owned ressources.
If you want the action to also apply to not owned ressources you need to add a :any at the end of te action definition. posts.*:any or user.updatePassword:any
The ownerships are not handled by PurpleBerry. To determine if the ressource is owned you need to pass the boolean parameter to the .can(string, string[, boolean]) function
Statements
A statement is a combination of one or multiple actions AND one or multiple resources. The permission is granted if both elements hits inside one single statement. Role and permission policies can store multiple statements.
{
"action": [
"updateProfile"
],
"resource": [
"profile.*"
]
}