mangomodel-security

Security methods for mangomodel

MangoModel-Security

MangoModel-Security provides some simple security utility methods for the MangoModel MongoDB wrapper.

To install, use NPM:

 npm install mangomodel-security

To add the MongoModel-Security functionality to a MangoModel model, do the following:

 
var MangoModel = require('mangomodel'),
    MangoModelSecurity = require('mangomodel-security'),
    ExampleModel = MangoModel.create('example');
    
ExampleModel.methods(MangoModelSecurity({
    // permission go here.. ie 
    
    user: {
        read: ['name', 'description'],
        write: ['name']
    },
    
    manager: {
        includes: 'user', // include all the permissions of user 
        read: ['secret_stuff'],
        write: ['description', 'secret_stuff']
    }
    
}));
 

Once this has been done, you can call the utility methods on the MangoModel object. Ie:

 
var record = {name: 'John Doe', description: 'A regular guy', secret_stuff: 'Likes brussel sprouts'};
 
// Return a copy of the record with fields a user should see 
ExampleModel.restrict(record, 'user'); // Return name and description 
 
// Get a copy of the record with only fields permissible by a user updated 
ExampleModel.mix(record, { name: 'John Dean', description: 'Better than regular'}, 'user'); // Only updates name 
 
ExampleModel.mix(record, { name: 'John Dean', description: 'Better than regular'}, 'manager'); // Update all