Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »

    rbacpublic

    RBAC

    (Hierarchical Role Based Access Control)

    NPM version build status Test coverage Gitter chat Gittip

    RBAC is the authorization library for NodeJS.

    Motivation

    I needed hierarchical role based access control for my projects based on ExpressJS. I had one requirement. This structure must be permanently stored in various storages. For example in memory or Mongoose. Because there is a lot of options for storing of data and many of them are asynchronous. I created asynchronous API. Please, if you found any bug or you need custom API, create an issue or pull request.

    Documentation

    Read more about API in documentation

    Support us

    Star this project on GitHub.

    Install

    npm install rbac

    Usage

    import RBAC from 'rbac'; // ES5 var RBAC = require('rbac').default;
    const rbac = new RBAC({
      roles: ['superadmin', 'admin', 'user', 'guest'],
      permissions: {
        user: ['create', 'delete'],
        password: ['change', 'forgot'],
        article: ['create'],
        rbac: ['update']
      },
      grants: {
        guest: ['create_user', 'forgot_password'],
        user: ['change_password'],
        admin: ['user', 'delete_user', 'update_rbac'],
        superadmin: ['admin']
      }
    }, function(err, rbacInstance) {
      if (err) {
        throw err;
      }
    });

    Usage with express

    import express from 'express';
    import RBAC from 'rbac';
    import secure from 'rbac/controllers/express';
     
    // your custom controller for express
    function adminController(req, res, next) {
      res.send('Hello admin');
    }
     
    const app = express();
    const rbac = new RBAC({
      roles: ['admin', 'user']  
    }, (err, rbac) => {
      if (err) throw err;
     
      // setup express routes
      app.use('/admin', secure.hasRole(rbac, 'admin'), adminController);
    });

    Check permissions

    rbac.can('admin', 'create', 'article', (err, can) => {
      if (err) {
        throw err; // process error
      }
     
      if (can) {
        console.log('Admin is able create article');
      }
    });
     
    // or you can use instance of admin role
     
    rbac.getRole('admin', (err, admin) => {
      if (err) {
        throw err; // process error
      }
     
      if (!admin) {
        return console.log('Role does not exists');
      }
     
      admin.can('create', 'article', (err2, can) => {
        if (err2) throw err2; // process error
     
        if (can) {
          console.log('Admin is able create article');    
        }
      });
    });

    Mongoose user model

    Please take a look on plugin mongoose-hrbac

    Build documentation

    npm run doc

    Running Tests

    npm run test

    Build

    npm run build

    Credits

    License

    The MIT License (MIT)

    Copyright (c) 2016 Zlatko Fedor zlatkofedor@cherrysro.com

    install

    npm i rbac

    Downloadsweekly downloads

    188

    version

    4.0.2

    license

    MIT

    repository

    githubgithub

    last publish

    collaborators

    • avatar