authz
Short for Authorization (which is "can I" as opposed to Authentication which is "who am I").
authz functions
type authzType = (ctx: authzCtxType) => boolean
An authz function takes a context (see next section) and returns either true if authorization is granted, or false if it is not.
authz context
type authzCtxType = {
  permissions: {
    [name: string]: boolean,
  },
  user?: {
    id?: string,
  }
};
An authz context contains information about the current authorized user (their id), and the permissions they currently have.
anon
anon always returns true, i.e. everyone is authorized, even those without a user id.
anyUser
anyUser returns true for any user, i.e. any logged-in user is authorized; sessions without a user id are not.
anyOf(permissions: string[]): authzType
anyOf generates an authz function that will return true for users with any of the permissions passed in the permissions array.
allOf(permissions: string[]): authzType
allOf generates an authz function that will return true for users with all of the permissions passed in the permissions array.
anyOfAuthz(authzs: authzType[]): authzType
anyOfAuthz generates an authz function that will return true for users when any of the authz functions passed in the authzs array return true.
allOfAuthz(authzs: authzType[]): authzType
allOfAuthz generates an authz function that will return true for users when all of the authz functions passed in the authzs array return true.
Example
import {authz} from "@wealthbar/authz"
const hasAandBorC = authz.anyOfAuthz([authz.allOf(["A", "B"]), authz.anyOf(["C"])]);
hasAandBorC requires a user with permissions to both "A" and "B" or permission to "C".
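The combinators described above, written out as an added sketch (not the @wealthbar/authz source) and run against constructed contexts. Assumptions: only an explicit true in the permissions map grants, an empty-string id counts as no user, and the names samples and grantedFor are hypothetical.

```typescript
// Added sketch of the documented combinators; NOT the package's own code.
type AuthzCtx = {
  permissions: { [name: string]: boolean };
  user?: { id?: string };
};
type Authz = (ctx: AuthzCtx) => boolean;

// Assumption: a missing key or an explicit `false` both deny.
const has = (ctx: AuthzCtx, name: string): boolean => ctx.permissions[name] === true;

const anon: Authz = () => true;
// Assumption: an empty-string id is treated as "no user id".
const anyUser: Authz = (ctx) => {
  const id = ctx.user?.id;
  return typeof id === "string" && id.length > 0;
};

const anyOf = (permissions: string[]): Authz => (ctx) => permissions.some((p) => has(ctx, p));
const allOf = (permissions: string[]): Authz => (ctx) => permissions.every((p) => has(ctx, p));
const anyOfAuthz = (authzs: Authz[]): Authz => (ctx) => authzs.some((f) => f(ctx));
const allOfAuthz = (authzs: Authz[]): Authz => (ctx) => authzs.every((f) => f(ctx));

// The page's example policy: ("A" and "B") or "C".
const hasAandBorC = anyOfAuthz([allOf(["A", "B"]), anyOf(["C"])]);

// Constructed sample contexts (hypothetical labels and ids).
const samples: [string, AuthzCtx][] = [
  ["aAndB", { permissions: { A: true, B: true }, user: { id: "u1" } }],
  ["onlyA", { permissions: { A: true }, user: { id: "u2" } }],
  ["cRevoked", { permissions: { A: true, C: false }, user: { id: "u3" } }],
  ["onlyC", { permissions: { C: true }, user: { id: "u4" } }],
  ["noUser", { permissions: {} }],
];

// Labels of the sample contexts that a policy authorizes.
function grantedFor(policy: Authz): string[] {
  return samples.filter(([, ctx]) => policy(ctx)).map(([label]) => label);
}

console.log("hasAandBorC:", grantedFor(hasAandBorC));
console.log("anyUser:", grantedFor(anyUser));
// Array.prototype.every on [] is true, so in this sketch an empty allOf
// authorizes every context, including the one with no user.
console.log("allOf([]):", grantedFor(allOf([])));
console.log("anyOf([]):", grantedFor(anyOf([])));
```

In this sketch a permission list that ends up empty makes allOf grant everyone, so a policy built from a dynamically assembled list should be checked for emptiness before use; the page does not say how the package itself treats empty lists.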