
canornot

Canornot?

npm version Build Status Coverage Status

An authorisation and access control library based on JSON Schema.

Install

Using NPM

npm install canornot --save

Using Yarn

yarn add canornot

Usage

Example ABAC module based on Canornot

const Canornot = require('canornot');
const datastore = require('some-kind-of-datastore');
 
// Policy: each key under `properties` is a permission name, and its `$ref`
// points at the actor-schema property that the checked value is validated
// against. Here an actor may get their own user details and edit the
// companies listed in their company ids.
// NOTE(review): confirm that a permission name which is absent from
// `properties` is denied rather than allowed by default.
const policySchema = {
    properties: {
        'user:get': { $ref: 'actor#/properties/user_id' },
        'company:edit': { $ref: 'actor#/properties/company_ids' }
    }
};
 
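/**
 * Build the JSON Schema that describes the acting user (the "actor").
 *
 * The policy schema's `$ref`s point at the `user_id` and `company_ids`
 * properties defined here, so the `enum` lists below are the values a
 * permission check is validated against.
 *
 * @param user_id - Identifier handed to `datastore.fetchUserById`.
 * @returns {Promise<Object>} Resolves to the actor schema. Rejects when the
 *     datastore lookup rejects or returns no user record.
 */
function getActorSchema(user_id) {
    return datastore.fetchUserById(user_id)
        .then(user => {
            // Fail closed: with no user record there are no attributes to
            // authorise against, so reject instead of building a schema.
            if (user == null) {
                throw new Error('Actor not found: cannot build actor schema');
            }

            return {
                id: 'actor',
                description: 'Actor Properties',
                type: 'object',
                additionalProperties: false,
                properties: {
                    // Only the actor's own id is an accepted value.
                    user_id: {
                        type: 'number',
                        enum: [user.id]
                    },
                    // Only company ids attached to the actor are accepted.
                    // NOTE(review): if user.company_ids is missing, `enum` is
                    // undefined and the validator may then accept any number;
                    // an empty list may be rejected as an invalid schema.
                    // Confirm that both cases end in a denial.
                    company_ids: {
                        type: 'number',
                        enum: user.company_ids
                    }
                }
            };
        });
}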
 
// Factory: returns a Canornot instance bound to one actor.
// `options.user_id` selects whose attributes the policy is evaluated against,
// so callers should take it from the authenticated session, never from a value
// the requester can choose.
// The actor schema is passed as the promise returned by getActorSchema and is
// requested once per factory call; a long-lived instance therefore keeps the
// attributes as they were when it was created.
module.exports = options => {
    const actorSchema = getActorSchema(options.user_id);

    return new Canornot({ actorSchema, policySchema });
};
 

Example use of the above ABAC module

//This is our ABAC module based on Canornot 
const abac  = require('./abac.js');
 
// Build a permission checker for the acting user (user_id)
const permission = abac({user_id: 12344});

// can() resolves when the check passes and rejects otherwise. Every rejection
// is reported as a denial here, which fails closed; production code should
// also record the rejection reason so that an operational failure can be told
// apart from a policy denial.
const onAllowed = () => console.log('Permission allowed!');
const onDenied = () => console.log('Permission denied!');

// Allowed: the value matches the actor's own user id
permission.can('user:get', 12344).then(onAllowed).catch(onDenied);

// Denied: the value is a different user's id
permission.can('user:get', 99999).then(onAllowed).catch(onDenied);

Support

Via GitHub issue tracker

License

MIT (See LICENCE file)