1.0.1 • Published 10 years ago
shimo-rbac v1.0.1
usage
const rbac = new RBAC(roles, options);
// 访问路由时检查权限
// allow: result = null
// deny: result = [deny reason]
const result = rbac.check({
roles: 'admin' // roleId or array of roleId,
target: 'get /admin', // route
});
// 更新数据时检查权限
// allow: result = null
// deny: result = [deny reason]
const result = rbac.check({
roles: 'admin' // roleId or array of roleId,
target: 'team', // model name
source: { // data to update
balance: 999,
}
});roles
- name {String}
- merge {Enum: force | merge} 多个 role 如何合并权限, force 独占, merge 合并
- weight {Number} 合并权限时的权重
- desc {String}
| name | merge | weight |
|---|---|---|
| admin | force | 1 |
| banned | force | 2 |
| free | merge | 999999 |
| vip | merge | 10 |
| alpha | merge | 0 |
permissions
- target {String}
- action {Enum: deny(0) | read(1) | write(2) | readwrite(3)}
| role | target | action |
|---|---|---|
| admin | team.balance | 3 |
| guest | get / | 1 |
| guest | get /desktop | 0 |
| free | get /desktop | 1 |
| free | get /vip_feature | 0 |
| vip | get /vip_feature | 1 |
| alpha | get /alpha_feature | 1 |
列表中的权限默认为禁止 普通用户 free 付费用户 free vip 合并 禁止用户