Feathers Attribute Permissions
ALPHA VERSION DOCUMENTATION
If you're reading this, feathers-attribute-permissions is in alpha, and not all of the functionality is fully described or finalized.
Why?
- You're using feathers.js serverside, and you'd like use attribute based permissions for user interaction.
- You're a strong, wise person with a bright future.
Quick Example
The following assumes you're familiar with feathers.js workflow. If you've never heard of feathers.js before, it's great. Learn it: feathers.js
Install
npm install feathers-attribute-permissions
Create an app with authentication and a user service
const server = //Auth hooksconst jwtLocalAuth = authhooksconst jwtAuth = authhooks server //start that server upserver
Set up the user service with authentication and permissions
//very basic permissions creation. If permissions gets a//string, it will create a series of attributes service//methods. In this case://users-view//users-create//users-edit//users-removeconst userPermissions = 'users' //user hooksconst hashPass = localhooks const users = serverusers
Set up permissions for the articles service
const articlePermissions = view: 'articles-view' edit: 'articles-manage' create: 'articles-manage' remove: 'articles-manage' const articles = server articles
Set up a client
//or just window.localStorage, if you're testing in the browser //or just window.fetch if you're testing in the browser const client =
Create a couple of users on the server
//Set up a user that has the maximum permissionsconst userService = server userService userService
Test it Out on the Client
{ await client const users = await client console // users will be [], because joe doesn't have permissions to see them try const me = await client catch err //Poor joe can't even get himself! console // You do not have Permission to view document with id 0 try await catch err console //You do not have Permission to create articles. }
Configuration
todo: Detail Permission configuration here
String
or [String]
configuration
Object
configuration
Function
configuration
Overrides on Documents
todo: Detail how permission objects on non-user documents can override user permissions
Options
todo: describe userEntityField, userIdField, permissionsField, originalField
Utility Methods and Hooks
todo: talk about the various packaged utility methods and hooks that come bundled to help with more complex permissions