Moleculer Middleware Permissions
Check action permissions.
Install
This module requires at least Node v8.3.0.
yarn add moleculer-middleware-permissions
Usage
// moleculer.config.jsconst PermissionGuard = ; const guard = options; moduleexports = ... middlewares: guard ;
// service.jsmoduleexports = name: 'awesome.service' actions: hello: // The user must have both 'hello:read' AND 'hello:name' // You can override this behaviour by passing your 'checkFunction' permissions: 'hello:read' 'hello:name' { const name = ctxparams; return `Hello `; } me: // Will check for these permissions: ['awesome.service.me'] permissions: true { return `Hello me`; } ;
Notes
The middleware also add a property rawPermissions
on the action. It allows anyone to have the real permissions used
by the action. The array is immutable, so any attempt to edit it will fail.
Options
checkFunction
: A function that returntrue
if the request has enough permissions. Else, the return value will be send in the rejectedPermissionError
. For the default behaviour search forbasicPermissionCheck
insrc/index.js
.permissionsPath
: Path to look for the request permissions (from thectx
object). Default tometa.user.permissions
,permissionsSep
: Separator used to transform the action name to a permission name (default:.
).pathSeparator
: Separator to use when there is a.
in a property.
License
MIT