1.0.1 • Published 8 years ago
shimo-rbac v1.0.1
usage
const rbac = new RBAC(roles, options);
// 访问路由时检查权限
// allow: result = null
// deny: result = [deny reason]
const result = rbac.check({
roles: 'admin' // roleId or array of roleId,
target: 'get /admin', // route
});
// 更新数据时检查权限
// allow: result = null
// deny: result = [deny reason]
const result = rbac.check({
roles: 'admin' // roleId or array of roleId,
target: 'team', // model name
source: { // data to update
balance: 999,
}
});
roles
- name {String}
- merge {Enum: force | merge} 多个 role 如何合并权限, force 独占, merge 合并
- weight {Number} 合并权限时的权重
- desc {String}
name | merge | weight |
---|---|---|
admin | force | 1 |
banned | force | 2 |
free | merge | 999999 |
vip | merge | 10 |
alpha | merge | 0 |
permissions
- target {String}
- action {Enum: deny(0) | read(1) | write(2) | readwrite(3)}
role | target | action |
---|---|---|
admin | team.balance | 3 |
guest | get / | 1 |
guest | get /desktop | 0 |
free | get /desktop | 1 |
free | get /vip_feature | 0 |
vip | get /vip_feature | 1 |
alpha | get /alpha_feature | 1 |
列表中的权限默认为禁止 普通用户 free 付费用户 free vip 合并 禁止用户