rbac-rethinkdb
Role-based access control for RethinkDB apps.
Instalations
npm install rbac-rethinkdb --save
Usage
With rbac-rethinkdb you can do the following:
- Create
Roles - Create
Permissions - Assing
PermissiontoRole. CreateGrant - Assing
Permissionto specificSubjectwhich can useResource - Assing
RoletoSubject - Check if
SubjecthasPermission - Check if
RolehasPermission
More information about RBAC you can reach by link
RBAC
You can import RBAC separately and use it with your own storage, which should have been implemented with RBAC Storage methods
; const rbac = storage: ;But probably you would like to use RethinkDBStorage
; const rbac = storage: ;Storage
Options
To connect RBAC storage with your DB you should define RethinkDB conect options.
const connectOptions = authKey: '' db: 'test' host: 'localhost' port: 28015;And RBAC RethinkDB storage options would look like
const storageOptions = ...connectOptions subjectTable: 'Users' roles: 'Developer' 'QA' 'PM' permissions: 'Write_code' 'Manage_team' 'Check_quality' 'Check_Facebook' resources: grants: 'Developer' 'Write_code' 'Developer' 'Check_Facebook' 'QA' 'Check_quality' 'QA' 'Check_Facebook' 'PM' 'Manage_team' ;where:
- subjectTable: Table in your DB with
Subjects. Will createSubjectsby default - roles: List of predefined
Roles. Can be empty - permissions: List of predefined
Permissions. Can be empty - resources: List of Table names with resources which can be used by specific
Subject. Can by empty - grants: List of predefined
Grantsin format[ [ROLE, PERMISSION] ]. Can be empty
Methods
addRole(role: string): Promise<boolean>
Add new Role. true if added, false if Role already exsit.
removeRole(role: string): Promise<boolean>
Remove existing Role. true if removed.
addPermission(permission: string): Promise<boolean>
Add new Permission. true if added.
removePermission(permission: string): Promise<boolean>
Remove existing Role. true if removed.
grant(role: string, permission: stirng): Promise<boolean>
Assign existing Permission to existing Role. true if assigned.
removeGrant(role: string, permission: string): Promise<boolean>
Remove existing Permission from existing Role. true if removed.
grantSubjectToResource(subjectId, permission, resourceId, resource)
Assing Permission to specific Subject which can use specfic Resource.
An example: as I user I can see all posts, but only I can edit my posts.
Params:
- subjectId:
string- id ofSubjectfrom table in DB - permission:
string- existingPermission - resourceId:
string- id ofResourceentity - resource:
string-Resourcetable name Returns:Promise<boolean>
removeSubjectFromResource(subjectId, permission, resourceId, resource)
Remove connection between specific Subject and Permission on some Resource.
Params, and Returns the same as for grantSubjectToResource()
can(role: string, permission: string): Promise<boolean>
Check if Role has a Permission. true if has.
canAny(roles: Array<string>, permission: string): Promise<boolean>
Check if any of Roles has a Permission. true if at least one Role has a Permission
canAll(roles: Array<string>, permission: string): Promise<boolean>
Check if all Roles have a Permission. true if all Roles has a Permission
canSubjectUsePermission(subjectId, permission, resourceId, resource)
Check if specific Subject has a Permission to use specific Resource. true if has. Params, and Returns the same as for grantSubjectToResource()
addSubjectToRole(subjectId: string, role: string) :Promise<boolean>
Assing Role to specific Subject
removeSubjectFromRole(subjectId: string, role: string):Promise<boolean>
Delete Role from specific Subject
getPermissions(role: string): Promise<Permissions>
Get list of all Permission from Role. Where Permissions = Array<string>
getRoles(subjectId: string): Promise<Roles>
Get list of all Roles from Subject. Where Roles = Array<string>