3.3.1 • Published 6 years ago
progressly-permissions-engine v3.3.1
Progressly Permissions Engine 
See the spec for an overview
API v2
definitions
Context
const context = `${resource.type}:${resource.id}`Actor
const actor = `${resource.type}"${resource.id}:${role}`Action
const action = `${resource.type}:${verb}`Policy:
{
'context': {
[actor]: {
"policy": {
"action": true
}
}
}
}In English:
This context declares the following rules:
Actor can do action {
'context': {
[actor]: {
"policy": {
"action": contextB
}
}
}
}In English:
This context declares the following rules:
Actor can do action if acting in contextB {
'context': {
[actor]: {
"role": [role]
}
}
}In English:
This context declares the following rules:
Actor is also these actors: ([`${context}:{role}`])API V2
import {can} from 'progressly-permissions-engine'
can({policies, actors, scope, action}) = true || falseACTORS:
["user:1:self", "organization:1:member", "team:1:admin"]SCOPE:
["process:abc", "execution:123", "organization:1", "team:1"]ACTION:
"process.read"POLICIES:
const policies = {
"organization:1": { // the rules associated with this resource ("organization:1")
"organization:1:admin": { // this actor ("organization:1:admin") in this resource gets this role/policy
"policy": {
"organization.edit": true,
// the actor gets this permission ("organization.edit")
"organization.delete": true
}
}
},
"process:abc": { // the rules associated with this resource ("process:abc")
"user:1:self": {
"roles": ["owner"] // this actor ("user:1:self") gets these roles (["process:abc:owner"])
},
"team:1:admin": {
"policies": {
// this actor ("team:1:admin") gets this policy (custom policy)
"execution.read": "team:*"
// the actor gets this permission ("execution.read") if any context in scope matches "team:*"
}
},
"team:1:member": {
"policies": {
"execution.read": "team:1"
// the actor gets this permission ("execution.read") if any context in scope matches "team:1"
}
}
},
"execution:123": {} // there are no rules associated with this resource ("execution 123")
}