@wealthbar/authz v1.1.0
authz
Short for Authorization (which is "can I" as opposed to Authentication which is "who am I").
authz functions
type authzType = (ctx: authzCtxType) => boolean
An authz function takes a context (see next section) and returns either true if authorization
is granted, or false if not.
authz context
type authzCtxType = {
  permissions: {
    [name: string]: boolean,
  },
  user?: {
    id?: string,
  }
};
An authz context contains information about the current authorized user (their id), and the permissions they currently have.
anon
anon always returns true, i.e. everyone is authorized, even those without a user id.
anyUser
anyUser returns true for any user, i.e. any logged-in user is authorized; sessions without a user id are not.
anyOf(permissions: string[]): authzType
anyOf generates an authz function that will return true for users with any of the permissions
passed in the permissions array.
allOf(permissions: string[]): authzType
allOf generates an authz function that will return true for users with all of the permissions
passed in the permissions array.
anyOfAuthz(authzs: authzType[]): authzType
anyOfAuthz generates an authz function that will return true for users when any of the authz functions
passed in the authzs array return true.
allOfAuthz(authzs: authzType[]): authzType
allOfAuthz generates an authz function that will return true for users when all of the authz functions
passed in the authzs array return true.
Example
import {authz} from "@wealthbar/authz"
const hasAandBorC = authz.anyOfAuthz([authz.allOf(["A", "B"]), authz.anyOf(["C"])]);
hasAandBorC requires a user with permissions to both "A" and "B" or permission to "C".
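The combinators described above, written out as a stand-in so their edge cases can be run without the package. This is an added example built from the README descriptions, not the package's source. The strict `=== true` check, the deny on an empty allOf list, the treatment of an empty id as no user, and the names has and guarded are assumptions of this sketch.

```typescript
type authzCtxType = {
  permissions: { [name: string]: boolean };
  user?: { id?: string };
};
type authzType = (ctx: authzCtxType) => boolean;

const anon: authzType = () => true;

// Assumption: an empty-string id is treated the same as a missing id.
const anyUser: authzType = (ctx) => {
  const id = ctx.user?.id;
  return typeof id === "string" && id.length > 0;
};

// Only an explicit `true` grants. A missing key, an explicit `false`, or an
// inherited property such as "constructor" (truthy, but not `true`) denies.
const has = (ctx: authzCtxType, p: string): boolean => ctx.permissions[p] === true;

const anyOf = (permissions: string[]): authzType => (ctx) =>
  permissions.some((p) => has(ctx, p));

// Assumption: an empty list denies. A bare every() would grant to everyone,
// because every() on an empty array is vacuously true.
const allOf = (permissions: string[]): authzType => (ctx) =>
  permissions.length > 0 && permissions.every((p) => has(ctx, p));

const anyOfAuthz = (authzs: authzType[]): authzType => (ctx) =>
  authzs.some((fn) => fn(ctx));

const allOfAuthz = (authzs: authzType[]): authzType => (ctx) =>
  authzs.length > 0 && authzs.every((fn) => fn(ctx));

// The README example: (A and B) or C.
const hasAandBorC = anyOfAuthz([allOf(["A", "B"]), anyOf(["C"])]);

// Permission checks read only ctx.permissions, so a context that carries
// permissions but no user id still passes hasAandBorC. Composing with anyUser
// also requires a user id.
const guarded = allOfAuthz([anyUser, hasAandBorC]);

// Constructed sample contexts.
const withAB: authzCtxType = { permissions: { A: true, B: true }, user: { id: "u1" } };
const bRevoked: authzCtxType = { permissions: { A: true, B: false }, user: { id: "u1" } };
const cNoUser: authzCtxType = { permissions: { C: true } };

console.log(hasAandBorC(withAB), hasAandBorC(bRevoked), hasAandBorC(cNoUser), guarded(cNoUser));
```
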