1.0.3 • Published 3 years ago

jotive-acl-module v1.0.3

License
UNLICENSED

Jotive Nestjs ACL Module

NestJS module for ACL (Access Control List)

Usage

Create an ACL file with the postfix acl.ts

Add the capabilities for the entity that you need

import { Capability, BaseCapability } from '@jotive/jotive-acl-module';
import { TeamMemberService } from '../team-member/team-member.service';
import { TeamRole } from '../team-member/role.enum';

// BaseCapability has only the property currentUserId.
// Add the extra properties that you need to verify the user's access to the
// entity.
// NOTE(review): currentUserId should be taken from the authenticated principal,
// not from client-supplied input — confirm at each call site.
export interface ProjectCapability extends BaseCapability {
    // Team whose membership is looked up for the access decision.
    readonly targetTeamId: string;
    // Service the capabilities call to look up the user's team membership.
    readonly teamMemberService: TeamMemberService;
}

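/**
 * Example read capability: granted when the current user is a member of the
 * target team with at least the READONLY role.
 *
 * Fails closed: a missing membership (undefined or null) is denied instead of
 * being dereferenced.
 */
export const ProjectRead: Capability<ProjectCapability> = {
    name: 'project:read',
    when: async (params, result) => {
        const teamMember = await params.teamMemberService.findOneByTeamAndUser(params.targetTeamId, params.currentUserId);
        // `== null` matches both undefined and null, so a lookup that reports
        // "no membership" as null is denied rather than throwing on `.role`.
        if (teamMember == null) {
            return result(null, false);
        }
        // NOTE(review): `>=` assumes TeamRole is a numeric enum ordered by
        // increasing privilege — confirm against role.enum.
        return result(null, teamMember.role >= TeamRole.READONLY);
    },
};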

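/**
 * Example create/update capability: granted when the current user is a member
 * of the target team with at least the ADMIN role.
 *
 * Fails closed: a missing membership (undefined or null) is denied instead of
 * being dereferenced.
 */
export const ProjectUpsert: Capability<ProjectCapability> = {
    name: 'project:upsert',
    when: async (params, result) => {
        const teamMember = await params.teamMemberService.findOneByTeamAndUser(params.targetTeamId, params.currentUserId);
        // `== null` matches both undefined and null, so a lookup that reports
        // "no membership" as null is denied rather than throwing on `.role`.
        if (teamMember == null) {
            return result(null, false);
        }
        // NOTE(review): `>=` assumes TeamRole is a numeric enum ordered by
        // increasing privilege — confirm against role.enum.
        return result(null, teamMember.role >= TeamRole.ADMIN);
    },
};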

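/**
 * Example delete capability: granted when the current user is a member of the
 * target team with at least the ADMIN role.
 *
 * Fails closed: a missing membership (undefined or null) is denied instead of
 * being dereferenced.
 */
export const ProjectDelete: Capability<ProjectCapability> = {
    name: 'project:delete',
    when: async (params, result) => {
        const teamMember = await params.teamMemberService.findOneByTeamAndUser(params.targetTeamId, params.currentUserId);
        // `== null` matches both undefined and null, so a lookup that reports
        // "no membership" as null is denied rather than throwing on `.role`.
        if (teamMember == null) {
            return result(null, false);
        }
        // NOTE(review): `>=` assumes TeamRole is a numeric enum ordered by
        // increasing privilege — confirm against role.enum.
        return result(null, teamMember.role >= TeamRole.ADMIN);
    },
};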

import

Import the capabilities in the entity module

import { ACLModule } from '@jotive/jotive-acl-module';
import { ExportCreate, ExportDelete, ExportRead } from './export.acl';

// Registers the capabilities with the ACL module inside the entity's own module.
// ExportCreate, ExportDelete and ExportRead are imported from ./export.acl, which
// is not shown on this page.
// NOTE(review): the first argument ('ACL-Export') looks like a name for this
// capability set — confirm against the module's source.
@Module({
  imports: [
  ACLModule.forCapabilities('ACL-Export', [ExportCreate, ExportDelete, ExportRead]),
  // ...
  ]
})

Use in the controller for access checking

// CHECK IF USER HAS ACCESS
// Run this before any protected work in the handler. The README states that
// insufficient access surfaces as a thrown FORBIDDEN error, so the call has to
// be awaited for that error to stop the handler.
// The fields passed here (targetProjectId, projectService) belong to the
// capability interface behind ExportRead, which is not shown on this page.
await this.aclService.can(ExportRead, {
    // Identity of the caller, taken here from the `user` object.
    // NOTE(review): presumably the authenticated user — verify it is never client-supplied.
    currentUserId: user.id,
    targetProjectId: exportItem.projectId,
    teamMemberService: this.teamMemberService,
    projectService: this.projectService,
});

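NEVER FORGET TO USE AWAIT !! The check is asynchronous: without await, the FORBIDDEN rejection is not raised at the call site and the code after the check runs anyway.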

If the user's access is not sufficient, a FORBIDDEN error will be thrown.

1.0.3

3 years ago

1.0.2

3 years ago