Code Monkey home page Code Monkey logo

acl's Introduction

Build Status

ACL

ACL is a JavaScript library based on the Zend Permissions ACL library that works equally well on the server as in the browser.

Introduction

ACL is a role/resource based ACL that allows for easy definition of permissions by combining rules for specific roles, resources and privileges. Roles can inherit from earlier defined roles and resources can inherit from earlier defined resources. After the ACL is loaded with a permissions set, easy testing through the isAllowed method returns either a true or false value.

Installation

npm install --save acljs

Tests

To run the tests, after cloning this repository first install the required dependencies:

npm install

You can now run the tests by issuing the following command:

./node_modules/.bin/jasmine

Usage

To use ACL start by defining a permissions list. We can start with an empty list:

var permissions = {
  roles:     [],
  resources: [],
  rules:     []
};

Our permissions list contains three top-level requirements, roles, resources and rules. The idea behind this role based ACL is that a specific role has access to resources through specified rules. Don't confuse the elements you define in this list with 'real' objects in your application. The ACL is simply be a structure (or model) we can test against, it can be static and therefore it's not required to be stored in a database. You can define the ACL as a business object in your application or as part of your business rules. However, if you prefer, or if your ACL is dynamic, you can store the permissions set in database if you wish to do so.

OK. Let's add some permissions..

For the purpose of this demonstration we define four roles; guest, member, author and admin. For the sake of argument, we define the resources for a simple blog so we have post and comment as resources:

var permissions = {
  roles: [
    {name: "guest"},
    {name: "member", parent: "guest"},
    {name: "author", parent: "member"},
    {name: "admin"}
  ],
  resources: [
    {name: "post"},
    {name: "comment"}
  ],
  rules: []
};

Easy as. Now lets define a rule that allows guests to view both posts and comments:

var permissions = {
  roles: [
    {name: "guest"},
    {name: "member", parent: "guest"},
    {name: "author", parent: "member"},
    {name: "admin"}
  ],
  resources: [
    {name: "post"},
    {name: "comment"}
  ],
  rules: [
    {
      access:     "allow",
      role:       "guest",
      privileges: ["view"],
      resources:  ["post", "comment"]
    }
  ]
};

As you can see, the rule is pretty straight forward. both privileges and resources can either be set as single values or as an array. Notice how the values on the right hand side can be read in a meaningful way; "allow guest to view post & comment".

Now, let's create a rule that allows members to create comments:

var permissions = {
  roles: [
    {name: "guest"},
    {name: "member", parent: "guest"},
    {name: "author", parent: "member"},
    {name: "admin"}
  ],
  resources: [
    {name: "post"},
    {name: "comment"}
  ],
  rules: [
    {
      access:     "allow",
      role:       "guest",
      privileges: ["view"],
      resources:  ["post", "comment"]
    }, {
      access:     "allow",
      role:       "member",
      privileges: ["create"],
      resources:  ["comment"]
    }
  ]
};

Great. Now let's fill in the rest of the permissions:

var permissions = {
  roles: [
    {name: "guest"},
    {name: "member", parent: "guest"},
    {name: "author", parent: "member"},
    {name: "admin"}
  ],
  resources: [
    {name: "post"},
    {name: "comment"}
  ],
  rules: [
    {
      access:     "allow",
      role:       "guest",
      privileges: ["view"],
      resources:  ["post", "comment"]
    }, {
      access:     "allow",
      role:       "member",
      privileges: ["create"],
      resources:  ["comment"]
    }, {
      access:     "allow",
      role:       "author",
      privileges: ["create", "edit", "delete"],
      resources:  ["post"]
    }, {
      access:     "allow",
      role:       "admin",
      privileges: null,
      resources:  null
    }
  ]
};

We added the author permissions to allow authors to create, edit and delete posts and we've allowed the admin to perform all privileges (null) or all resources (null).

To use the permissions we need to load the permissions into the ACL, like this:

var acl = new Acl(permissions);

We can now test if a specified role can perform a requested privilege on a specified resource. E.g:

acl.isAllowed('guest', 'post', 'view');
// true

acl.isAllowed('member', 'post', 'delete');
// false

acl.isAllowed('admin', 'post', 'delete');
// true

That's easy as!

acl's People

Contributors

em0ney avatar northern avatar snoblenet avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

northern chris-armstrong piousbox briansu2004

acl's Issues

Rewrite for es6

While not a high priority, would love to have this rewritten for es6 and have devDependencies to transpile the code to es5

Support regular expressions for privilege checks

Would be great to be able to pass either a string or a regular expression value for the privilege argument to isAllowed.

This means that if we want to interpret read privileges over all resources, but a team resource may have multiple privilege types matching read, e.g. read, billing.read, invoices.read, one check could be employed /.read$/

Implement CI/CD automation for tests and deployment

Utilise TravisCI or one of the other free providers we have utilised previously to test, transpile ( if done after #4 ) and deploy to npm's package registry when builds are triggered on master.

All other branches should still test the code

Publish to NPM

I have created a new tag, 1.0.2, but then I realised that I can't publish to NPM (it doesn't seem to sync to the latest tag by itself).

Can you please publish the latest tag?

Thanks.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.