Synopsis
Authorization is needed in most websites to control access to sensitive information. AllowIf provides a light-weight, flexible Express.js middleware solution that controls access based on roles, activities, or both.
Installation
$ npm install allowif
Usage
In the Express configuration, specify the can and/or isa Authorities. These should be functions that assign a list of valid authorization strings
to the req
object (req.allowif.can
or req.allowif.isa
). Usually the permissions are based on a user that has been authenticated. For example, AllowIf works very well if added to the middleware stack after modules such as Passport. See the examples in GitHub.
NOTE: You do not need to use both the can and isa Authorities.
Either can work independently or can be combined to handle more complex permission conditions
var allowIf = var express = var express-session = var passport = app = appapp // using the can Authorityapp
In specifying an Express route, use the following syntax:
app app
See the examples and test folders for more usage tips here.
Contributors
Feel free to contribute to the project through GitHub.
License
This code is licensed through the MIT license agreement. See LICENSE file for more information.