Rbac-rethinkdb NPM

rbac-rethinkdb

Role-based access control for RethinkDB apps.

Instalations

npm install rbac-rethinkdb --save

Usage

With rbac-rethinkdb you can do the following:

Create Roles
Create Permissions
Assing Permission to Role. Create Grant
Assing Permission to specific Subject which can use Resource
Assing Role to Subject
Check if Subject has Permission
Check if Role has Permission

More information about RBAC you can reach by link

RBAC

You can import RBAC separately and use it with your own storage, which should have been implemented with RBAC Storage methods

import { RBAC } from 'rbac-rethinkdb';

const rbac = new RBAC({
  storage: MyOwnRbacStorage(options),
});

But probably you would like to use RethinkDBStorage

import { RBAC, RethinkDBStorage } from 'rbac-rethinkdb';

const rbac = new RBAC({
  storage: RethinkDBStorage(options),
});

Storage

Options

To connect RBAC storage with your DB you should define RethinkDB conect options.

const connectOptions = {
  authKey: '',
  db: 'test',
  host: 'localhost',
  port: 28015,
};

And RBAC RethinkDB storage options would look like

const storageOptions = {
  ...connectOptions,
  subjectTable: 'Users',
  roles: ['Developer', 'QA', 'PM'],
  permissions: ['Write_code', 'Manage_team', 'Check_quality', 'Check_Facebook'],
  resources: [],
  grants: [
    ['Developer', 'Write_code'],
    ['Developer', 'Check_Facebook'],
    ['QA', 'Check_quality'],
    ['QA', 'Check_Facebook'],
    ['PM', 'Manage_team'],
  ],
};

where:

subjectTable: Table in your DB with Subjects. Will create Subjects by default
roles: List of predefined Roles. Can be empty
permissions: List of predefined Permissions. Can be empty
resources: List of Table names with resources which can be used by specific Subject. Can by empty
grants: List of predefined Grants in format [ [ROLE, PERMISSION] ]. Can be empty

Methods

`addRole(role: string): Promise<boolean>`

Add new Role. true if added, false if Role already exsit.

`removeRole(role: string): Promise<boolean>`

Remove existing Role. true if removed.

`addPermission(permission: string): Promise<boolean>`

Add new Permission. true if added.

`removePermission(permission: string): Promise<boolean>`

Remove existing Role. true if removed.

`grant(role: string, permission: stirng): Promise<boolean>`

Assign existing Permission to existing Role. true if assigned.

`removeGrant(role: string, permission: string): Promise<boolean>`

Remove existing Permission from existing Role. true if removed.

`grantSubjectToResource(subjectId, permission, resourceId, resource)`

Assing Permission to specific Subject which can use specfic Resource. An example: as I user I can see all posts, but only I can edit my posts. Params:

subjectId: string - id of Subject from table in DB
permission: string - existing Permission
resourceId: string - id of Resource entity
resource: string - Resource table name Returns: Promise<boolean>

`removeSubjectFromResource(subjectId, permission, resourceId, resource)`

Remove connection between specific Subject and Permission on some Resource. Params, and Returns the same as for grantSubjectToResource()

`can(role: string, permission: string): Promise<boolean>`

Check if Role has a Permission. true if has.

`canAny(roles: Array<string>, permission: string): Promise<boolean>`

Check if any of Roles has a Permission. true if at least one Role has a Permission

`canAll(roles: Array<string>, permission: string): Promise<boolean>`

Check if all Roles have a Permission. true if all Roles has a Permission

`canSubjectUsePermission(subjectId, permission, resourceId, resource)`

Check if specific Subject has a Permission to use specific Resource. true if has. Params, and Returns the same as for grantSubjectToResource()