@fickou/adonis-access-control-list
Advanced tools
Help dev to filter database with query parameters
Add Access Control List (acl) for Adonis JS 5+
Run:
npm i --save @fickou/adonis-access-control-list
Install provider:
node ace configure @fickou/adonis-access-control-list
Publish the package migrations to your application.
$ node ace acl:setup
Apply all migration with node ace migrations:run
Go to config/acl.ts and defined you own configuration:
import { ConfigAclContract } from "@ioc:Adonis/Addons/AdonisAccessControlList";
const configAcl: ConfigAclContract = {
prefix: "acl",
middlewares: "auth:api",
joinTables: {
permissionAccess: "permission_access",
permissionRole: "permission_role",
permissionUser: "permission_user",
userRole: "user_role",
},
/**
* `apiOnly` is used for auto configure view for assign access to permission
* by default it's false, if you want to use it, you need to set it to true
*/
apiOnly: false,
};
export default configAcl
Go to .adonisrc.json and add aliases:
{
"aliases": {
"Role": "Adonis/Addons/Acl/Role",
"Access": "Adonis/Addons/Acl/Access",
"Permission": "Adonis/Addons/Acl/Permission",
}
}
Register the following middleware inside start/kernel.ts file.
Server.middleware.register([
...,
'Adonis/Addons/Acl/Authorize',
])
Go to App/Models/User.ts, Compose user model with BaseUser:
import {BaseModel, column} from '@ioc:Adonis/Lucid/Orm'
import {compose} from "@poppinss/utils/build/src/Helpers";
import BaseUser from "@ioc:Adonis/Addons/Acl/BaseUser";
import authUser from "ioc:Adonis/Addons/Acl/Decorator/AuthUser";
export default class User extends compose(BaseModel, BaseUser) {
@column({isPrimary: true})
public id: number
@column()
public name: string
@column()
public email: string
@column()
public password: string
// @authUser()
// created_by: number;
// @authUser({isUpdate: true})
// updated_by: number;
}
Lets create your first roles.
const roleAdmin = new Role()
roleAdmin.name = 'Administrator'
roleAdmin.slug = 'administrator'
roleAdmin.description = 'manage administration privileges'
await roleAdmin.save()
const roleModerator = new Role()
roleModerator.name = 'Moderator'
roleModerator.slug = 'moderator'
roleModerator.description = 'manage moderator privileges'
await roleModerator.save()
const user = await User.find(1)
await user.related('roles').attach([roleAdmin.id, roleModerator.id])
const user = await User.find(1)
await user.related('roles').detach([roleAdmin.id])
Get roles assigned to a user.
const user = await User.first()
const roles = await user.getRoles() // ['administrator', 'moderator']
const createUsersPermission = new Permission()
createUsersPermission.slug = 'create_users'
createUsersPermission.name = 'Create Users'
createUsersPermission.description = 'create users permission'
await createUsersPermission.save()
const updateUsersPermission = new Permission()
updateUsersPermission.slug = 'update_users'
updateUsersPermission.name = 'Update Users'
updateUsersPermission.description = 'update users permission'
await updateUsersPermission.save()
const deleteUsersPermission = new Permission()
deleteUsersPermission.slug = 'delete_users'
deleteUsersPermission.name = 'Delete Users'
deleteUsersPermission.description = 'delete users permission'
await deleteUsersPermission.save()
const readUsersPermission = new Permission()
readUsersPermission.slug = 'read_users'
readUsersPermission.name = 'Read Users'
readUsersPermission.description = 'read users permission'
await readUsersPermission.save()
const roleAdmin = await Role.find(1)
await roleAdmin.related('permissions').attach([
createUsersPermission.id,
updateUsersPermission.id,
deleteUsersPermission.id,
readUsersPermission.id
])
const roleAdmin = await Role.find(1)
await roleAdmin.related('permissions').detach([
createUsersPermission.id,
updateUsersPermission.id,
readUsersPermission.id
])
Get permissions assigned to a role.
const roleAdmin = await Role.find(1)
// collection of permissions
await roleAdmin.related('permissions').fetch()
const createUsersPermission = new Permission()
createUsersPermission.slug = 'create_users'
createUsersPermission.name = 'Create Users'
createUsersPermission.description = 'create users permission'
await createUsersPermission.save()
const updateUsersPermission = new Permission()
updateUsersPermission.slug = 'update_users'
updateUsersPermission.name = 'Update Users'
updateUsersPermission.description = 'update users permission'
await updateUsersPermission.save()
const deleteUsersPermission = new Permission()
deleteUsersPermission.slug = 'delete_users'
deleteUsersPermission.name = 'Delete Users'
deleteUsersPermission.description = 'delete users permission'
await deleteUsersPermission.save()
const readUsersPermission = new Permission()
readUsersPermission.slug = 'read_users'
readUsersPermission.name = 'Read Users'
readUsersPermission.description = 'read users permission'
await readUsersPermission.save()
const user = await User.find(1)
await user.related('permissions').attach([
createUsersPermission.id,
updateUsersPermission.id,
readUsersPermission.id
])
const user = await User.find(1)
await user.related('permissions').detach([
createUsersPermission.id,
updateUsersPermission.id,
readUsersPermission.id
])
Get permissions assigned to a role.
const user = await User.find(1)
// ['create_users', 'update_users', 'delete_users', 'read_users']
const accesses = await user.getAccesses()
Protect routes with middleware
import Route from '@ioc:Adonis/Core/Route';
Route.group(() => {
Route.get('users', 'UsersController.index')
.access('list_user', 'List users');
Route.get('users/:id', 'UsersController.show')
.access('show_user', 'Show detail user');
Route.post('users', 'UsersController.store')
.access('show_user', 'Show detail user');
Route.put('users/:id', 'UsersController.update')
.access('update_user', 'Update user');
Route.delete('users/:id', 'UsersController.destroy')
.access('destroy_user', 'Destroy user');
//or
Route.ressource('users', 'UsersController')
.access('user', 'User')
}).prefix('api/v1');
FAQs
Help dev to filter database with query parameters
We found that @fickou/adonis-access-control-list demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.
Security News
AGENTS.md is a fast-growing open format giving AI coding agents a shared, predictable way to understand project setup, style, and workflows.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.