@tenancy.tly/policies v0.0.4
Tenancy - Authorization policies
If you're wondering how we handle access control, you've come to the right place.
We use a set of programming rules that determine who is authorized to access a particular resource or perform a particular action.
This package is used by the main API to authorize access to resources and actions. It is also used by the main API to determine which resources and actions are available to a user.
This may sound complicated, but it's not. The policies are just functions that receive a context and return a boolean value. The context contains the user claims and the resource.
How it works?
- Select the policy that you want to use.
- The policy will receive a context.
- The policy will return a boolean value.
- Done! 🎉
Example
import { Context, Policies } from '@tenancy.tly/policies'
const context: Context = {
user: {
memberships: [
{
organizationId: 'organization-id',
roles: ['roles:admin'],
},
],
},
organizationId: 'organization-id',
roles: ['roles:admin'],
}
if (Policies.Roles.isAllowed(context)) {
// Do something
}If you are using another programming language, you should not worry about using these policies, event if you are using it.
These policies although available as a package, are intended for internal use of the main API.
The tenancy API takes care of using these policies and gets the user's claims from the access token.