Coder Social home page Coder Social logo

nod's Introduction

Nod

Fast, generic, simple access control system for node.js.

Installation

$ npm install nod

Introduction

nod is used by consuming applications to manage a map of permissions that let you later check or enforce that certain subjects have permissions on specific objects.

grant

grant(subject, resource, permission, [condition])

Subjects, resources, and permissions can be strings, numbers, objects or arrays. Strings or numbers will be treated as individual keys where arrays will be treated as a collection of keys to objects. If an object is used, then it must have an id field defined (_id by default, but this can be set through configuration). A wildcard string can be used as well to indicate 'all' in any position, but use this sparingly (see revoke).

Note that all the mandatory parameters are pretty arbitrary; nod attaches no semantic meaning to your permission names, nor does it assume any kind of inheritance in this release. However, resources and permissions will be used as property keys in a javascript object (see getPermissions below), so they must be valid for use as object keys.

The one optional parameter, condition, is a function that will be called instead of the normal 'check' call when evaluating if a given subject has the specified rights. It has the same signature as check (subject, resource, permission) and should explicitly return true or false to indicate whether access should be granted or not. Note, however that it still has to find the condition based on the first three params, so it may be useful to place it with wildcards (see example)

// assuming some object named article
nod.grant('peter', article.id, 'read');   // peter can read the article with article.id
nod.grant(['admins','users'], 'article', 'read'); // admins and users can read an article
nod.grant('admins', 'users', '*'); // admins have all rights to affect users
nod.grant('*', '*', 'read', function(s,r,p){ return /posts\/\d+/.test(r); }); // grants read rights to all users for all resources that pass the regex test

check or enforce

check(subject, resource, permission) enforce(subject, resource, permission)

check returns true if a subject has a permission on a given resource, and false if it does not. You can also provide an array of subjects, in which case check returns true if any of the subjects have that permission on the resource. This is mostly to allow easy checking of a user's roles against a resource.

enforce by contrast calls check and then throws an AccessDeniedError if the check returns false.

You can, check peter's rights as follows:

var peter = {_id : 'peter', roles : ['user', 'contributor']};
nod.check(peter._id, article.id, 'read'); // returns true
nod.check(peter._id, article.id, 'write'); // returns false
nod.enforce(peter._id, article.id', write'); // throws an AccessDeniedError
nod.check(peter.roles, article.id, 'read');

revoke

revoke(subject, resource, permission)

If you later change your mind, you can always revoke permissions as well. As with grant, you can pass arrays instead of numbers or strings to revoke lists of things

nod.revoke('peter', article.id, 'read');
nod.revoke('peter',article.id, ['read','write']);
nod.revoke(['peter','stewie'], article.id, 'read');

Note that wildcards must be revoked as a wildcard. You cannot successfully grant with a wildcard and then revoke for something more specific:

nod.grant('*', 'articles', 'write');
nod.revoke('peter', 'articles', write');
nod.check('peter','articles','write'); // returns true since the wildcard is still in place

// you must remove the wildcard:
nod.revoke('*','articles','write');

getPermissions

getPermissions()

You can also view a copy of the permissions map through getPermissions

nod.grant('peter', '102029192', 'read');
nod.getPermissions();
// returns { '102029192' : { read : {peter : true }}}

setPermissions

setPermissions(obj)

And finally, you can set permissions as well

nod.setPermissions({'102029192' : {read : {peter : true, stewie : true }}});
nod.check('stewie', '102029192', 'read'); // returns true

Note that setting permissions this way should be done with caution as it just does a bulk overwrite of the current hash.

Configuration

At the moment, the only option that does anything is setting the wildcard character (by default, '*'). You do this by calling nod as a function.

var nod = require('nod');
nod({ wildcard : '$'});

nod's People

Contributors

pvencill avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.