Nebulous Pumpkin Moons

    accesscontrol-middleware

    1.0.3 • Public • Published

    accesscontrol-middleware

    config your express routes to have role and attribute based access control.

    This middleware helps to config express routes to check permission granted with accesscontol.

    Installing / Getting started

    Install via npm

    npm install accesscontrol-middleware --save

    Now define roles and grants via accesscontol.

    const ac = new AccessControl();
    ac.grant('user')                    // define new or modify existing role. also takes an array.
        .createOwn('profile')             // equivalent to .createOwn('profile', ['*'])
        .deleteOwn('profile')
        .readAny('profile')
      .grant('admin')                   // switch to another role without breaking the chain
        .extend('user')                 // inherit role capabilities. also takes an array
        .updateAny('profile')
        .deleteAny('profile');

    Initialize AccessControlMiddleware

    const AccessControlMiddleware = require('accesscontrol-middleware');
     
    const accessControlMiddleware = new AccessControlMiddleware(ac);

    config any express route

     
    route.put('/profile/:userId',
      accessControlMiddleware.check({ 
        resource : 'profile',
        action : 'update',
        checkOwnerShip : true, // optional if false or not provided will check any permission of action
        operands : [
          { source : 'user', key : '_id' },  // means req.user._id (use to check ownership)
          { source : 'params', key : 'userId' } // means req.params.userId (use to check ownership)
        ]
      }),
      controller.updateProfile);

    Tests

    npm test

    Keywords

    none

    Install

    npm i accesscontrol-middleware

    DownloadsWeekly Downloads

    17,114

    Version

    1.0.3

    License

    MIT

    Unpacked Size

    16.2 kB

    Total Files

    7

    Last publish

    Collaborators

    • pawanpandey