Role based access control that uses Mongoose and Bluebird promises. I have created the library since I was not able to work with the available libraries on GitHub.
- Mongoose
- Bluebird
- A user model
To install from NPM use:
npm install bluebird-rbac
U have to register the RBAC plugin to the User model. This is achieved by:
var mongoose = require('mongoose');
var rbac = require('bluebird-rbac').rbac;
var UserSchema = mongoose.Schema({
// ... Any additional fields
});
UserSchema.plugin(rbac.plugin);
module.exports = mongoose.model('User', UserSchema);
Checks if the user has the specified role.
Adds the role to the user.
Remove the role from the user
Is the user allowed to perform the action.
Will return all the permissions the user has.
You will be able to check for permissions on the routes from express.
var rbac = require('bluebird-rbac');
router.get('/', rbac.userCanAccess({action: 'view', resource: 'user', redirectTo: '/'}), function(req, res, next) {
// Do stuff in my route.
});
If the user does not have the permission, the user will be redirected to /, if redirectTo is not defined the user will be returned to the last page he visited.