redis-acl v1.0.3
redis-acl
Access control list with redis - user roles and access management
redis-acl
Access control list with redis - user roles and access management
This module provides an ACL implementation providing following features.
Features
- Add / Remove resources + Create resource hierarchies
- Add Roles
- Add Tasks
- Allow / Remove User's resource access
- Get user roles for resources
- Check user access for particular resource's to perform a task
Installation
Using npm:
npm install redis-acl
Documentation
- addResource
- addChildResource
- deleteResource
- addRole
- addTask
- allowResourceAccess
- removeResourceAccess
- getRole
- checkAccess
Examples
Create your acl module by requiring it and instantiating it with redis instance details:
let acl = require('redis-acl');
// Connect with redis instance
let redisConnectionConf = {
"host": "127.0.0.1",
"port": 6379
};
acl = new acl(redisConnectionConf);
All the following functions take a callback with an err and response parameters as last parameter.
Add resources:
// add new resource
acl.addResource("blogs",(err, res)=>{});
// add child resource and create resource hierarhy
// creating child resource implicitly creates parents
acl.addChildResource("blogs", "tech-blogs", (err, res)=>{});
acl.addChildResource("tech-blogs", "device-reviews", (err, res)=>{});
acl.addChildResource("tech-blogs", "os-reviews", (err, res)=>{});
Delete resource:
// second parameter decides whether to keep hierarchy intact or to delete resource's children too
// keep hierarchy
acl.deleteResource("blogs", true, (err, res)=>{
// this will only delete "blogs" resource and its children ("tech-reviews", "os-reviews") will be attached to root parent
});
// delte hierarchy
acl.deleteResource("blogs", false, (err, res)=>{
// this will delete entire hierarchy below "blogs" resource i.e its children and their children(if any)
});
Add Role(s):
acl.addRole("admin", (err, res)=>{});
Add allowed task(s) to role(s):
// adding tasks to roles implicitly creates roles
acl.addTask("admin", ["view","modify","delete"], (err, res)=>{});
Allow user to access a resource(s) with a role(s):
// It gives access to resources and its children with same roles.
acl.allowResourceAccess("david", "device-reviews", ["admin"], (err, res)=>{});
Remove user's role to access a resource(s):
// this will remove user's mentioned role for mentioned resource(s)
acl.removeResourceAccess("david","device-reviews","admin",(err, res)=>{});
Get user roles for resource:
acl.getRole("david", "device-reviews", (err, res)=>{
// this will return an array of available roles
// res => ["admin"]
})
Check user's access to perform a task on a resource:
acl.checkAccess("david", "device-reviews", "modify", (err, res)=>{
// this will return a boolean value true / false
// res => true
});
Methods
addResource( resource, function(err) )
Adds new parent resources.
Arguments
resource {String|Number} Resource.
callback {Function} Callback called when finished.
addChildResource( parentResource , childResource(s), function(err) )
Adds child resource(s) to another resource.
Arguments
parentResource {String|Number} Parent resource.
childResource {String|Number|Array[String|Number]} Child resources to add.
callback {Function} Callback called when finished.
deleteResource( resource, keepHierarchy, function(err, roles) )
Deletes a resource with or without its entire children hierarchy.
Arguments
resource {String|Number} Resource.
keepHierarchy {Boolean} Boolean identifier to indicate whether to keep children hierarchy intact or to delete it.
callback {Function} Callback called when finished.
addRole( role, function(err, users) )
Adds new role.
Arguments
role {String|Number|Array[String|Number]} Role.
callback {Function} Callback called when finished.
addTask( roles, tasks, function(err, hasRole) )
Add allowed task(s) to role(s).
Arguments
roles {String|Number|Array[String|Number]} roles.
tasks {String|Number|Array[String|Number]} tasks.
callback {Function} Callback called when finished.
allowResourceAccess( user, resource, roles, function(err) )
Allows user to access mentioned resource with mentioned role(s).
Arguments
user {String|Number} user.
resource {String|Numebr} resource
roles {String|Array|Array[String|Number]} roles.
callback {Function} Callback called when finished.
removeResourceAccess( user, resource, roles, function(err) )
Removes user's access for mentioned resource for mentined roles.
Arguments
user {String|Number} user.
resource {String|Numebr} resource.
roles {String|Array|Array[String|Number]} roles.
callback {Function} Callback called when finished [optional].
getRole( user, resource, function(err) )
Returns list of available roles of user for mentioned resource.
Arguments
user {String|Number} user.
resource {String|Numebr} resource.
callback {Function} Callback called when finished.
Checks user's access to perform mentioned task on mentioned resource
Arguments
user {String|Number} user.
resource {String} resource.
task {String|Number} task.
callback {Function} Callback called when finished.
Contributors
The original author of redis-acl is Tushar Sanap
License
Future work
- Support for diffrent roles for inherited access.