authorizedjs

A tool for authorization based on permits

It's very easy to use the tool with CoffeeScript.

Set up permits.

```coffeescript
Auth = require 'authorizedjs'

class MyTestPermits extends Auth.Permits
    adminOnlyAction: (resource) ->
        @user.role is "admin"

    everyUserAction: (resource) ->
        @user.role is "user"

    resourceBasedAction: (resource) ->
        resource.user.id is @user.id

    validForEverybody: (resource) ->
        true

    secret: (resource) ->
        false
```
 
Now in your route/controller you can check for authorization:

1. Set up authorization:
 

```coffeescript
auth = new Auth.Authorization({MyTest: MyTestPermits})
```

 
This is where you map your resources to permits. In this example
`MyTest` is the name of your resource and `MyTestPermits` is the object where the permits for its actions are defined.
 
2. check if a user can perform an action (assuming that `currentUser` is the user you are going to check):
 
a) You can use a string as the resource name when you don't need to compare user rights against the resource:

```coffeescript
if auth.check currentUser, 'MyTest', 'adminOnlyAction'
    # we're ok to go!
else
    # rights are not sufficient to see that resource!
```

 
It's also possible to use the class itself for that:

```coffeescript
class MyTest
    constructor: ->

if auth.check currentUser, MyTest, 'adminOnlyAction'
    # we're ok to go!
else
    # rights are not sufficient to see that resource!
```

You need to ensure that this resource returns its name with `resource.name`. In our case it should be:
 

```coffeescript
console.log MyTest.name
# 'MyTest'
```

 
3. When a user can manage only his/her own resources, it's better to use the resource object:
 

```coffeescript
class MyTest
    constructor: (@user) ->

myTestObject = new MyTest(someUser)

if auth.check currentUser, myTestObject, 'resourceBasedAction'
    # we're ok to go!
else
    # rights are not sufficient
```

 
It's very important that the resource returns its name with `resource.constructor.name`! In our case it should be:
 

```coffeescript
console.log myTestObject.constructor.name
# MyTest
```
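
Because permits are found by name (`resource.name` for a class, `resource.constructor.name` for an instance), a check is only as reliable as that name at runtime. The JavaScript sketch below is an added example, not authorizedjs's own code: `resolveName` and `check` are hypothetical stand-ins that mirror the lookup described above and deny whenever the name, resource or action does not resolve.

```javascript
// Added illustration, not authorizedjs's implementation: resolveName and check
// are hypothetical stand-ins for the name-based permit lookup described above.

// Permits shaped like MyTestPermits: one method per action, user on this.user.
class MyTestPermits {
  constructor(user) { this.user = user; }
  adminOnlyAction() { return this.user.role === 'admin'; }
  resourceBasedAction(resource) { return resource.user.id === this.user.id; }
  secret() { return false; }
}

// The three resource forms from the README: string, class, instance.
function resolveName(resource) {
  if (typeof resource === 'string') return resource;
  if (typeof resource === 'function') return resource.name;
  if (resource && typeof resource === 'object' && resource.constructor) {
    return resource.constructor.name;
  }
  return undefined;
}

// Fail closed: an unresolved name, unmapped resource or unknown action denies.
function check(mapping, user, resource, action) {
  const name = resolveName(resource);
  if (!name || !Object.prototype.hasOwnProperty.call(mapping, name)) return false;
  const Permits = mapping[name];
  // Only methods declared on the permits class itself are actions, so inherited
  // names such as "toString" or the "constructor" slot are never callable.
  const own = Object.prototype.hasOwnProperty.call(Permits.prototype, action);
  if (!own || action === 'constructor') return false;
  if (typeof Permits.prototype[action] !== 'function') return false;
  return new Permits(user)[action](resource) === true;
}

// Constructed sample data.
class MyTest { constructor(user) { this.user = user; } }
const mapping = { MyTest: MyTestPermits };
const admin = { id: 1, role: 'admin' };
const alice = { id: 2, role: 'user' };
// Stands in for a class whose name a minifier rewrote, or an anonymous class.
const Renamed = (() => class { constructor(user) { this.user = user; } })();

console.log(check(mapping, admin, MyTest, 'adminOnlyAction'));                 // true
console.log(check(mapping, alice, new MyTest(admin), 'resourceBasedAction'));  // false
console.log(check(mapping, alice, new Renamed(alice), 'resourceBasedAction')); // false
console.log(check(mapping, admin, 'MyTest', 'toString'));                      // false
```

If resource classes pass through a minifier or are defined anonymously, verify that their names still match the keys given to `Auth.Authorization` before relying on the check.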