This package has been deprecated

Author message:

Please install @jalik/roles instead

jk-roles

1.0.0 • Public • Published

jk-roles

A low level library meant to easily build secured applications using Role Based Access Control (RBAC).

Introduction

Role-based-access-control (RBAC) is a policy neutral access control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments. A study by NIST has demonstrated that RBAC addresses many needs of commercial and government organizations. RBAC can be used to facilitate administration of security in large organizations with hundreds of users and thousands of permissions. Although RBAC is different from MAC and DAC access control frameworks, it can enforce these policies without any complication. Its popularity is evident from the fact that many products and businesses are using it directly or indirectly.

Source: https://en.wikipedia.org/wiki/Role-based_access_control

This library is tested with unit tests.

Defining permissions

The central element of this lib is the permission, so first you need to setup your roles, which are just arrays of permissions. Note that you could store this permissions in database, in a file or just in-memory, it's up to you since this lib is only giving the bricks to build your own RBAC system.

// Define member permissions
const memberPermissions = [
    "upload_photo",
    "delete_own_photo",
    "create_post",
    "edit_own_post",
    "delete_own_post"
];

// Define admin permissions
const adminPermissions = [
    "administrate",
    "add_user",
    "edit_user",
    "delete_user"
];

Checking a single permission

To check a single permission, use the method isPermissionInList(String, Array).

import Roles from "jk-roles";

// Define user permissions
const userPermissions = [
    "upload_photo",
    "delete_own_photo"
];

if (Roles.isPermissionInList("delete_own_photo", userPermissions)) {
    // delete the photo...
}

Checking a list of permissions

To check if all permissions are present, use the method isPermissionsInList(String, Array), if one permission is missing the method will return false.

import Roles from "jk-roles";

// Define user permissions
const userPermissions = [
    "upload_photo",
    "delete_own_photo"
];

// Allow testers to upload a photo
if (Roles.isPermissionsInList(["test", "upload_photo"], userPermissions)) {
    // upload the photo...
}

Checking a permission in a list

To check if at least one permission is present, use the method isPermissionsOneOf(Array, Array).

import Roles from "jk-roles";

// Define user permissions
const userPermissions = [
    "delete_any_photo"
];

// Allow admins and members to delete a photo
if (Roles.isPermissionsOneOf(["delete_any_photo", "delete_own_photo"], userPermissions)) {
    // delete the photo...
}

Merging permissions

In case that you have several permissions lists, you can merge them with the method mergePermissions(...Array), this method only removes duplicates.

import Roles from "jk-roles";

// Define user permissions
const userPermissions = [
    "delete_own_photo",
    "edit_own_post",
];

// Define manager permissions
const managerPermissions = [
    "delete_any_photo",
    "delete_any_post",
    "edit_any_post"
];

// Merge permissions
const perms = Roles.mergePermissions(userPermissions, managerPermissions);

if (Roles.isPermissionInList("delete_any_post", perms)) {
    // delete the post...
}

Changelog

v1.0.0

  • First public release

License

The code is released under the MIT License.

If you find this lib useful and would like to support my work, donations are welcome :)

Donate

Package Sidebar

Install

npm i jk-roles

Weekly Downloads

0

Version

1.0.0

License

MIT

Last publish

Collaborators

  • jalik