1.0.3 • Published 3 years ago
jotive-acl-module v1.0.3
Jotive Nestjs ACL Module
NestJS module for ACL (Access Control List)
Usage
Create an ACL file whose name ends with the suffix acl.ts
Add the capabilities that you need for the entity
import { Capability, BaseCapability } from '@jotive/jotive-acl-module';
import { TeamMemberService } from '../team-member/team-member.service';
import { TeamRole } from '../team-member/role.enum';
// BaseCapability declares only one property: currentUserId.
// Extend it with the extra properties that you need to verify the user's
// access to the entity.
// NOTE(review): the capabilities below use these values as given, so callers
// should fill currentUserId from the authenticated user, not from a
// client-supplied id.
export interface ProjectCapability extends BaseCapability {
  // Team whose membership record is looked up for the current user.
  readonly targetTeamId: string;
  // Service the capabilities call to fetch that membership record.
  readonly teamMemberService: TeamMemberService;
}
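/**
 * Read-access example: capability `project:read`.
 *
 * Looks up the current user's membership in the target team and grants access
 * only when a membership exists and its role is at least `TeamRole.READONLY`.
 * Every other outcome reports `false` through the `result` callback.
 */
export const ProjectRead: Capability<ProjectCapability> = {
  name: 'project:read',
  when: async (params, result) => {
    const teamMember = await params.teamMemberService.findOneByTeamAndUser(
      params.targetTeamId,
      params.currentUserId,
    );
    // Deny by default: `== null` covers both `undefined` and `null`, so a
    // lookup that signals "no membership" with `null` is denied here instead of
    // failing on the property access below.
    if (teamMember == null) {
      return result(null, false);
    }
    // NOTE(review): `>=` only means "at least this role" if TeamRole is a
    // numeric enum whose values grow with privilege. TeamRole is imported from
    // ../team-member/role.enum and is not shown here; confirm before reuse.
    return result(null, teamMember.role >= TeamRole.READONLY);
  },
};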
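/**
 * Update-access example: capability `project:upsert`.
 *
 * Looks up the current user's membership in the target team and grants access
 * only when a membership exists and its role is at least `TeamRole.ADMIN`.
 * Every other outcome reports `false` through the `result` callback.
 */
export const ProjectUpsert: Capability<ProjectCapability> = {
  name: 'project:upsert',
  when: async (params, result) => {
    const teamMember = await params.teamMemberService.findOneByTeamAndUser(
      params.targetTeamId,
      params.currentUserId,
    );
    // Deny by default: `== null` covers both `undefined` and `null`, so a
    // lookup that signals "no membership" with `null` is denied here instead of
    // failing on the property access below.
    if (teamMember == null) {
      return result(null, false);
    }
    // NOTE(review): `>=` only means "at least this role" if TeamRole is a
    // numeric enum whose values grow with privilege. TeamRole is imported from
    // ../team-member/role.enum and is not shown here; confirm before reuse.
    return result(null, teamMember.role >= TeamRole.ADMIN);
  },
};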
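/**
 * Delete-access example: capability `project:delete`.
 *
 * Looks up the current user's membership in the target team and grants access
 * only when a membership exists and its role is at least `TeamRole.ADMIN`.
 * Every other outcome reports `false` through the `result` callback.
 */
export const ProjectDelete: Capability<ProjectCapability> = {
  name: 'project:delete',
  when: async (params, result) => {
    const teamMember = await params.teamMemberService.findOneByTeamAndUser(
      params.targetTeamId,
      params.currentUserId,
    );
    // Deny by default: `== null` covers both `undefined` and `null`, so a
    // lookup that signals "no membership" with `null` is denied here instead of
    // failing on the property access below.
    if (teamMember == null) {
      return result(null, false);
    }
    // NOTE(review): `>=` only means "at least this role" if TeamRole is a
    // numeric enum whose values grow with privilege. TeamRole is imported from
    // ../team-member/role.enum and is not shown here; confirm before reuse.
    return result(null, teamMember.role >= TeamRole.ADMIN);
  },
};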
import
Import the ACL module in the entity module
import { ACLModule } from '@jotive/jotive-acl-module';
import { ExportCreate, ExportDelete, ExportRead } from './export.acl';
// Registers the Export capabilities with the ACL module through the entity
// module's `imports` list.
// NOTE(review): 'ACL-Export' appears to be a name identifying this capability
// set; its exact meaning is not shown here — confirm against the module.
@Module({
  imports: [
    ACLModule.forCapabilities('ACL-Export', [ExportCreate, ExportDelete, ExportRead]),
    // ...
  ]
})
Use it in the controller to check access
// Check that the user has access. The call must be awaited: the check is
// asynchronous, and only an awaited call stops the handler when access is denied.
// NOTE(review): the parameter shape is set by ExportRead's capability interface
// in ./export.acl, which is not shown here.
await this.aclService.can(ExportRead, {
  currentUserId: user.id,
  targetProjectId: exportItem.projectId,
  teamMemberService: this.teamMemberService,
  projectService: this.projectService,
});
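NEVER FORGET TO USE AWAIT! The check is asynchronous: without await, the handler keeps running before the check has finished, and a denied check no longer stops it.
If the user's access is not sufficient, a FORBIDDEN error will be thrown.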