roles-access-control v1.0.3

roles-access-control

This library contains Context, HOC and hooks for roles and access based control over components and routes.

Installation

This package can be installed as following:

npm i roles-access-control

This package also depends on react. Please make sure you have it installed as well. Also if you need to control routes you also need react-router-dom installed.

Usage

Example of basic usage for component control:

import { useEffect, useState } from "react";
import "./App.css";
import {
    ComponentAccess,
    RolesAccessControlContextProvider
} from "roles-access-control";

function App() {
    return (
        <RolesAccessControlContextProvider
            currentUserRole="admin"
            rolesAccesses={{
                user: ["read", "write"],
                admin: ["read", "write", "delete"],
            }}
        >
            <ComponentAccess
                allowedRoles={["user", "admin"]}
                permissionsRequired="delete"
                fallbackComponent={<>Error</>}
            >
                Hello
            </ComponentAccess>
        </RolesAccessControlContextProvider>
    );
}

export default App;

Here you can see that we wrap the app with the RolesAccessControlContextProvider and pass currentUserRole as admin and also to the rolesAccesses we passed an object with mappings of access to each types of roles. And now ComponentAccess would show the children if permissions are satisfied otherwise it would show fallbackComponent. This is a basic example and we can have much more flexibility with the components and hooks.

RolesAccessControlContextProvider

When using any of the components and hooks we have to wrap our app into this provider.

Props to pass

currentUserRole(required)

string

rolesAccesses(required)

object

The rolesAccesses object should have each role as key and those roles should have an array of strings as a value. The array of strings we give as value is the accesses allowed to that role.

ComponentAccess

We can use this component to render a component if access is permitted otherwise render fallback component.

Props to pass

allowedRoles(required)

string array

It would have all the roles which are allowed to access it.

permissionsRequired(required)

object

This one is interesting because we have 2 options here if we want to only check for 1 permission then we can directly pass that as string. Otherwise we have or and and function for conditional checking. We would discuss about them later.

fallbackComponent

ReactNode

This component would be rendered if permission is not available.

For example,

<ComponentAccess
    allowedRoles={["user", "admin"]}
    permissionsRequired="delete"
    fallbackComponent={<>Error</>}
>
    Hello
</ComponentAccess>

Here Hello would be rendered if you have either user or admin role and delete permission is there inside that role. Otherwise if this is not true then Error would be rendered.

RouteAccess

We can use this component to show some fallback component if access to a page is not allowed or redirect to some other page. It would show the child component if access is allowed.

Props to pass

allowedRoles(required)

string array

It would have all the roles which are allowed to access the page.

redirectTo

string

We can pass a url to this and if permission is not available we would be redirected to that URL.

fallbackComponent

ReactNode

This component would be rendered if permission is not available.

If you have given fallbackComponent than it would be rendered but if you have given both fallbackComponent and redirectTo than you would be redirected to route given in redirectTo.

For example,

<Routes>
    <Route
        path="/a"
        element={
            <RouteAccess allowedRoles={["user"]} redirectTo="/b">
                a
            </RouteAccess>
        }
    />
    <Route
        path="/b"
        element={
            <RouteAccess
                allowedRoles={["admin"]}
                fallBackComponent={<>Not Accessible</>}
            >
                b
            </RouteAccess>
        }
    />
</Routes>

useComponentAccess

This hook is an alternative to ComponentAccess.

Parameters to pass

This hook accepts an object as parameter. In that object you have to pass allowedRoles and permissionsRequired. In the same way you did in ComponentAccess.

What it returns?

It returns an array and if you destructure that the first property is isLoading and second is isPermissionsValid both are booleans value. isPermissionValid tells if access is allowed are not. Based on that you can render the original or fallback component.

For example,

const [isLoading, isPermissionsValid] = useComponentAccess({
    allowedRoles: ["user", "admin"],
    permissionsRequired: "write",
});

Functions - or and and

These two functions can be used to pass permissionsRequired which we have to pass in ComponentAccess component or useComponentAccess whichever you use. These functions are just like || and && operators. Some exmaples,

or("read", "write");

means if we have either read or write permission.

and("read", "write");

means if we have both read and write permission.

We can even nest the or and and functions.

or("read", and("write", "delete"));

means if we have read permission then that's okay but if we dont have that we must have write as well as delete permission.

License

MIT