Lightweight ACL for Node.js and the browser
Manacle is a lightweight ACL implementation for Node.js and the browser.
Create a new ACL:
var acl = manaclecreate;
Define some rules:
var user = ;aclallow'read' 'post';if useraclallow'create' 'post';aclallow'update' 'delete' 'post'return postuser === user;;if useradminaclallow'*' 'post';if userblockedacldeny'create' 'update' 'delete' 'post';
Check various rules:
var post = ;// `true` for users who are not blockedaclallowed'create' 'post';// `true` for all users (the given post object is ignored// and unnecessary since there is no condition defined)aclallowed'read' 'post' post;// `true` for users who are not blocked and either own// the post or are an adminaclallowed'update' 'post' post;aclallowed'delete' 'post' post;// `true` (undefined rules are denied by default)acldenied'foo' 'bar';
Note that the order in which the rules are defined matters as each newly defined rule takes precedence over past rules.
npm install manacle
Allow (or deny) the specified action(s) and subject(s), optionally only if the given condition holds.
Check if the specified action(s) and subject(s) are allowed (or denied), optionally checking a condition against any extra arguments.