Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@backstage/plugin-permission-common
Advanced tools
Isomorphic types and client for Backstage permissions and authorization
@backstage/plugin-permission-common is a package that provides common types and utilities for implementing permission-based access control in Backstage plugins. It helps in defining and managing permissions, rules, and policies to control access to various resources within a Backstage application.
Defining Permissions
This feature allows you to define custom permissions for your Backstage plugins. The `createPermission` function is used to create a new permission with a specified name and attributes.
const { createPermission } = require('@backstage/plugin-permission-common');
const myPermission = createPermission({
name: 'my-plugin.my-permission',
attributes: { action: 'read' },
});
Creating Permission Rules
This feature allows you to create rules that determine whether a user has a specific permission. The `createPermissionRule` function is used to define a rule with a name, description, and an apply function that contains the logic for the rule.
const { createPermissionRule } = require('@backstage/plugin-permission-common');
const isUserAdmin = createPermissionRule({
name: 'is-user-admin',
description: 'Checks if the user is an admin',
apply: (resource, user) => user.isAdmin,
});
Evaluating Permissions
This feature allows you to evaluate whether a user has a specific permission for a given resource. The `evaluatePermission` function takes a permission, user, and resource as arguments and returns the evaluation result.
const { evaluatePermission } = require('@backstage/plugin-permission-common');
const result = evaluatePermission(myPermission, user, resource);
console.log(result);
Casbin is a powerful and efficient open-source access control library that supports various access control models like ACL, RBAC, and ABAC. It provides a flexible way to define permissions and policies, similar to @backstage/plugin-permission-common, but is more general-purpose and can be used outside of Backstage.
AccessControl is a Node.js module that provides Role-Based Access Control (RBAC) for your application. It allows you to define roles and permissions in a flexible way. While it focuses on RBAC, it offers similar functionality to @backstage/plugin-permission-common in terms of defining and managing permissions.
NOTE: THIS PACKAGE IS EXPERIMENTAL, HERE BE DRAGONS
Isomorphic types and client for Backstage permissions and authorization. For more information, see the authorization PRFC.
FAQs
Isomorphic types and client for Backstage permissions and authorization
We found that @backstage/plugin-permission-common demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.