daxc v0.2.2-alpha.6
daxc
AccessControl with Functional Operations (Higher-order Function) Implementation
Overview
daxc is AccessControl that provides Access on Resources based on Roles and Attributes. It implements Functional Operations.
Concepts
Access
In daxc, Access describes the capabilities to access any Resources. daxc defines three access capabilities: Accessible, Permissions, and Subjects. Let's dive deep into these three access capabilities:
- Accessible: determines whether Resource can be accessed
- Permissions: defines actions or activities permissions on Resource
- Subjects: defines read and write capabilities on any subject in Resource
type Access = {
accessible: boolean;
permissions: { [permission: string]: PermissionsType; };
subjects: { [subject: string]: SubjectsType; };
};Accessible
It's a simple access capability that simply describes whether the Resource can be accessed.
Permissions and Subjects
In daxc, the Permissions and Subjects can be defined as any type of values. However, daxc defines common Permissions and Subjects as following:
Permissions
- All: Permission is granted
- Attribute: Permission is granted based on Attributes (of Identity and Resource)
- Owner: Permission is granted only Owner
- None: Permission is NOT granted
Subjects
- Read_Write: Subject can be read or written
- Read_WriteAttribute: Subject can be read, but write is granted based on Attributes (of Identity and Resource)
- Read_WriteOwner: Subject can be read, but write is granted to Owner
- ReadAttribute_WriteAttribute: Subject can be read or written based on Attributes (of Identity and Resource)
- ReadAttribute_WriteOwner: Subject can be read based on Attributes (of Identity and Resource), but write is granted to Owner
- ReadOwner_WriteOwner: Subject can be read or written by Owner
- ReadOnly: Subject can be read only
- ReadAttributeOnly: Subject can be read based on Attributes (of Identity and Resource) only
- ReadOwnerOnly: Subject can be read by Owner only
- None: Subject cannot be read nor written
Resources
In daxc, Resources represent any resource that requires different access capabilities. Resources require name (resource) and Access with default values.
Resources can be anything! It can be pages of websites, components in module, or any data in application.
type ApplicationState = {
resources: {
[resource: string]: Access;
};
};Examples #1: Products, as Resources, can usually be accessed and listed by anyone, but not be deleted.
const ApplicationState = {
resources: {
Products: {
accessible: true,
permissions: {
List: PERMISSIONS.All,
Delete: PERMISSIONS.None,
}
}
}
};Roles
In daxc, Roles represent any role that has alternative Access. Roles provides possibilities to have alternative Access from Resources Access as the result of reducing function. Roles requires name (role).
To alternate Resource Access, specify the Resource and Role Access: Accessible, Permissions, and Subjects for that Role.
type ApplicationState = {
roles: {
[role: string]: {
resources: {
[resource: string]: Access;
};
};
};
};Examples #2: Marketings and Accountants can change Products. Only Accountants can set Price. Because the Cost in Product is sensitive information, only Accountants can see and set.
const ApplicationState = {
resources: {
Products: {
accessible: true,
permissions: {
List: PERMISSIONS.All,
Delete: PERMISSIONS.None,
Edit: PERMISSIONS.None,
},
subjects: {
Price: SUBJECTS.ReadOnly,
Cost: SUBJECTS.None,
}
}
},
roles: {
Marketings: {
resources: {
Products: {
permissions: {
Edit: PERMISSIONS.All,
},
subjects: {
Price: SUBJECTS.Read_Write,
}
}
}
},
Accountants: {
resources: {
Products: {
permissions: {
Edit: PERMISSIONS.All,
},
subjects: {
Price: SUBJECTS.Read_Write,
Cost: SUBJECTS.Read_Write,
}
}
}
}
},
};Identity
In daxc, Identity represents any entity that requests to access Resources. Identity requires roles property.
type Identity = {
roles: string[];
};toIdentity()
In case that Identity in current application has no roles properties, it can be provided via function, () => Identity as toIdentity().
const currentIdentity = {
...
organization: 'SampleRole',
...
};
const toIdentity = (currentIdentity) => ({ roles: [ currentIdentity.organization ] });
// { roles: ['SampleRole'] } as resultResource
In daxc, Resource represents any entity which Identity requests access to. Resource requires name property.
type Resource = {
name: string;
};toResource()
In case that Resource in current application has no name properties, it can be provided via function, () => Resource as toResource().
const currentResource = {
...
};
const toResource = (currentResource) => ({ name: 'SampleResource' });
// { name: 'SampleResource' } as resultApplication State
It's easy to understand an application when we know the Application State.
type ApplicationState = {
resources: {
[resource: string]: {
accessible: boolean;
permissions: { [permission: string]: PermissionsType; };
subjects: { [subject: string]: SubjectsType; };
};
};
roles: {
[role: string]: {
resources: {
[resource: string]: {
accessible?: boolean;
permissions?: { [permission: string]: PermissionsType; };
subjects?: { [subject: string]: SubjectsType; };
};
};
};
};
};Process
IdentityAccess
AccessControl(Identity) => IdentityAccessAccessControl can provide IdentityAccess when it operates with Identity that has roles.
AccessDataReducer
AccessDataReducing<T> = (accumulator: T, value: T, initial?: T, role?: string) => T;3 years ago
3 years ago
3 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago