1.4.0 • Published 6 years ago

simple-abac v1.4.0

Weekly downloads
5
License
MIT
Repository
github
Last release
6 years ago

simple-abac

Node.js package that makes attribute based access control (ABAC) simple.

Usage

Installation:

npm i simple-abac -S

Import in your project:

  • Typescript/ES6:
  import { SimpleAbac } from 'simple-abac';
  const abac = new SimpleAbac();
  • Javascript(ES5):
  let SimpleAbac = require('simple-abac').SimpleAbac;
  let abac = new SimpleAbac();

Defining permissions:

Allow editor to read all attributes of posts except authorId:

  abac.allow({
    role: 'editor',
    actions: 'read',
    targets: 'post',
    attributes: { mode: 'all', except: ['authorId']},
  });

Allow admin to read all attributes of posts:

  abac.allow({
    role: 'admin',
    actions: 'read',
    targets: 'post',
    attributes: { mode: 'all' },
  });

Allow any to read only content and title of posts:

  abac.allow({
    role: 'any',
    actions: 'read',
    targets: 'post',
    attributes: { mode: 'nothing', except: ['content', 'title'] },
  });

Allow editor to delete only posts created by him:

  abac.allow({
    role: 'editor',
    actions: 'delete',
    targets: 'post',
    condition: (userId, targetOptions) => {
      return userId === targetOptions.authorId;
    }
  });

Asking permissions:

Asking if editor with id: 1 can read post:

  const permission = await abac.can({ id: 1, role: 'editor' }, 'read', 'post', {});
  /* 
  {
    granted: true,
    attributes: {
      mode: 'all',
      except: ['authorId']
    }
  } 
  */

Asking if any can read post:

  const permission = await abac.can(undefined, 'read', 'post', {});
  /* 
  {
    granted: true,
    attributes: {
      mode: 'nothing',
      except: ['content', 'title']
    }
  } 
  */

Asking if editor with id: 1 can delete a post written by editor with id: 3:

  const permission = await abac.can({ id: 1, role: 'editor' }, 'delete', 'post', {authorId: 3, ...});
  /* 
  {
    granted: false,
    attributes: {
      mode: 'nothing'
    }
  }
  */

Asking if editor with id: 3 can delete a post written by editor with id: 3:

  const permission = await abac.can({ id: 3, role: 'editor' }, 'delete', 'post', {authorId: 3, ...});
  /* 
  {
    granted: true,
    attributes: {
      mode: 'all'
    }
  }
  */
abacsimple-abacrolecontrolaccessallowcanpermission
auto-bindlodash
@infinitebrahmanuniverse/nolb-simple-a@everything-registry/sub-chunk-2761
1.4.0

6 years ago

1.3.4

6 years ago

1.3.3

7 years ago

1.3.2

7 years ago

1.3.1

7 years ago

1.3.0

7 years ago

1.2.1

7 years ago

1.2.0

7 years ago

1.1.0

7 years ago

1.0.9

7 years ago

1.0.8

7 years ago

1.0.7

7 years ago

1.0.6

7 years ago

1.0.5

7 years ago

1.0.4

7 years ago

1.0.3

7 years ago

1.0.2

7 years ago

1.0.1

7 years ago

1.0.0

7 years ago