1.1.0 • Published 2 years ago

node-rbac v1.1.0

Weekly downloads
3
License
BSD
Repository
github
Last release
2 years ago

node-rbac

It is implementation of hierarchical role based account control implementation for node (with filters).

Install

Install it using following command:

> npm install node-rbac

Rule schema

    {
        name: String,        // required. Name of rule
        children: [String],  // optional. List of rules 
        deny: Boolean        // optional. Return false for this rule when it set as true
        filter: () => {}     // optional. Test functions which returns true/false
    }

Settings

    {
        strategy: String  // optional. Strategy can be ALL_ALLOWED, ANY_ALLOWED, ALL_DENIED, ANY_DENIED @see RBAC.STRATEGIES
    }

Usage

const RBAC = require('node-rbac');

// Create a main instance of RBAC with all tree of rules
const rbac = new RBAC([
  {
    name: 'Guest',
    children: [
      'Comments viewer',
      'Posts viewer'
    ]
  },

  {
    name: 'User',
    children: [
      'Users viewer', 'users self manage',
      'Comments viewer', 'comments self manage', 'comments create',
    ]
  },

  {
    name: 'Comment Manager', // can delete any comment, because doesn't have rule with filter
    children: [
      'Users viewer', 'users self manage',
      'comments update', 'comments delete', 'comments create',
    ]
  },

  {
    name: 'Comments viewer',
    children: ['comments one', 'comments list']
  },
  {
    name: 'comments self manage',
    children: ['comments update', 'comments delete'],
    filter: params => String(params.userId) === String(params.commentAuthorId) // returns true if current user is author of comment
  },

  {
    name: 'comments create'
  },
  {
    name: 'comments one'
  },
  {
    name: 'comments list'
  },
  {
    name: 'comments update'
  },
  {
    name: 'comments delete'
  }
], { strategy: RBAC.STRATEGIES.ANY_ALLOWED });

// Create instance of RBAC for selected roles
const userRbac = rbac.getInstance(['User']);
const params = {userId, commentAuthorId};

if (userRbac.can('comments delete', params)) {
    // delete comment
}
1.1.0

2 years ago

1.0.0

5 years ago

1.0.0-beta

6 years ago

0.2.2

10 years ago

0.2.1

10 years ago

0.2.0

10 years ago

0.1.4

10 years ago

0.1.3

10 years ago

0.1.2

10 years ago

0.1.1

10 years ago

0.0.1

11 years ago