cantina-permissions
Utilizes node-relations for permissions stored in redis.
Table of Contents
- Usage
- Example
- API Reference
app.permissions
app.permissions.define(context, roles)
app.permissions[context].grant(role, args, cb)
app.permissions[context].revoke(role, args, cb)
app.permissions[context].hasRole(role, args, cb)
app.permissions[context].can(verb, args, cb)
app.permissions[context].any(verbs, args, cb)
app.permissions[context].all(verbs, args, cb)
app.permissions[context].whoIs(role, object, cb)
app.permissions[context].whoCan(verb, object, cb)
app.permissions[context].whatIs(user, role, cb)
app.permissions[context].whatCan(user, verb, cb)
app.permissions[context].whatActions(user, object, cb)
Usage
Include the cantina-permissions
plugin in your cantina
application and
define your relations contexts. You'll then have the API for granting,
revoking, and querying for your application's permissions.
var app = ; app;
module { var permissionDefinitions = event: author: 'read' 'edit' 'delete' viewer: 'read' collaborator: 'read' 'edit' site: admin: 'administrate' ; Object;};
Example
module { var controller = app; controller; return controller;};
API Reference
app.permissions
Namespace for permission-related APIs.
app.permissions.define(context, roles)
Proxies relations to create a context, which contains a list of roles which map to actions.
context
: A name for the contextroles
: A hash of roles and verbs
apppermissions;
app.permissions[context].grant(role, args, cb)
Grants a relations role to the user.
role
: The role to grantargs
: may be a user model, a user id, or a hash of:user
: The user model or id to grant the role toobject
: (optional) The object model or id that the role relates to
cb
: The callback
Runs the stact-hook
permissions:grant(options, done)
so other plugins may react to the event.
apppermissionsevent
app.permissions[context].revoke(role, args, cb)
Revokes a relations role from the user.
role
: The role to grantargs
: may be a user model, a user id, or a hash of:user
: The user model or id to grant the role toobject
: (optional) The object model or id that the role relates to
cb
: The callback
Runs the stact-hook
permissions:revoke(options, done)
so other plugins may react to the event.
apppermissionsevent
app.permissions[context].hasRole(role, args, cb)
Checks whether a user has a role.
role
: The role to check forargs
: may be a user model, a user id, or a hash of:user
: The user model or id to grant the role toobject
: (optional) The object model or id that the role relates to
cb
: The callback
apppermissionsevent
app.permissions[context].can(verb, args, cb)
Checks whether a user can perform an action.
verb
: The action to check forargs
: may be a user model, a user id, or a hash of:user
: The user model or id to grant the role toobject
: (optional) The object model or id that the role relates to
cb
: The callback
apppermissionsevent
app.permissions[context].any(verbs, args, cb)
Checks whether a user can perform at least one of an array of actions
verbs
: an array of actions to check forargs
: may be a user model, a user id, or a hash of:user
: The user model or id to grant the role toobject
: (optional) The object model or id that the role relates to
cb
: The callback
apppermissionsevent
app.permissions[context].all(verbs, args, cb)
Checks whether a user can perform all of an array of actions.
verbs
: an array of actions to check forargs
: may be a user model, a user id, or a hash of:user
: The user model or id to grant the role toobject
: (optional) The object model or id that the role relates to
cb
: The callback
apppermissionseventall'delete' 'edit' user: 'erin' object: 'doc1' { if err return app; if hasAllAccess // do something );
app.permissions[context].whoCan(verb, object, cb)
Returns an array of user ids who can perform an action on an object.
verb
: The verb to check forobject
: The object model or id that the query relates tocb
: The callback
apppermissionsevent
app.permissions[context].whoIs(role, object, cb)
Returns an array of user ids who have a role over an object.
role
: The role to check forobject
: The object model or id that the query relates tocb
: The callback
apppermissionsevent
app.permissions[context].whatCan(user, verb, cb)
Returns an array of object ids on which a user can perform an action.
user
: The user model or id to check access forverb
: The verb to check forcb
: The callback
apppermissionsevent
app.permissions[context].whatIs(user, role, cb)
Returns an array of object ids on which a user has a role
user
: The user model or id to check access forrole
: The role to check forcb
: The callback
apppermissionsevent
app.permissions[context].whatActions(user, object, cb)
Returns an array of verbs a user can perform on an object.
user
: The user model or id to check access forobject
: The object model or id that the query relates tocb
: The callback
apppermissionsevent
TerraEclipse
Developed byTerra Eclipse, Inc. is a nationally recognized political technology and strategy firm located in Santa Cruz, CA and Washington, D.C.