accesscontrol-re
Advanced tools
Comparing version 0.1.1 to 0.2.0
@@ -8,2 +8,2 @@ import { AccessControl, IAccessInfo } from 'accesscontrol'; | ||
export declare const getActions: () => string[]; | ||
export declare const cleanStarEtc: (a1: ArrayLike<any>) => any[]; | ||
export declare const cleanStarEtc: (a1: {}) => any[]; |
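Review bot: the new declaration `cleanStarEtc: (a1: {}) => any[]` is looser than the `ArrayLike<any>` it replaces; `{}` accepts any non-null value, so a caller passing a string or a plain object no longer gets a compile error, and the runtime `flatten`/`uniq`/`sortBy` chain then runs on something that is not an array. Suggest keeping the array contract in the type, e.g. `(a1: ArrayLike<any> | ArrayLike<ArrayLike<any>>) => any[]`, since the only reason for the change appears to be accepting one level of nested role arrays.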
@@ -15,11 +15,14 @@ "use strict"; | ||
const resources = exports.getResources(); | ||
const roles = exports.getRoles(); | ||
exports.addCustomActions(actions); | ||
const ac = new accesscontrol_1.AccessControl(); | ||
for (const ai of accessInfos) { | ||
const [action, possession] = ai.action.split(':'); | ||
const [action, actionPossession] = ai.action.split(':'); | ||
ai.role = _.isArray(ai.role) ? ai.role : [ai.role]; | ||
const actionsToGrant = action === '*' ? actions : [action]; | ||
const resourcesToGrant = ai.resource === '*' ? resources : [ai.resource]; | ||
const rolesToGrant = ai.role.includes('*') ? roles : ai.role; | ||
for (const actionToGrant of actionsToGrant) { | ||
for (const resourceToGrant of resourcesToGrant) { | ||
const accessInfo = Object.assign({ possession }, ai, { action: actionToGrant, resource: resourceToGrant }); | ||
const accessInfo = Object.assign({}, ai, { possession: actionPossession || ai.possession || 'any', action: actionToGrant, resource: resourceToGrant, role: rolesToGrant }); | ||
ac.grant(accessInfo); | ||
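Review bot: `possession: actionPossession || ai.possession || 'any'` defaults to the widest possession when a grant omits it, so `action: 'read'` (no `:own` suffix and no `possession` field) silently becomes `read:any`. For an authorization facade a fail-closed default is safer: fall back to `'own'`, or throw when neither the action suffix nor `ai.possession` is present, so a forgotten suffix cannot widen a grant. Note also that this hunk changes precedence: the old `Object.assign({ possession }, ai, ...)` let `ai.possession` win over the suffix, the new code lets the suffix win, which deserves a line in the README. Finally, `ai.role.includes('*')` now expands to every role from `getRoles()`, and with `action === '*'` and `resource === '*'` one IAccessInfo grants everything to everyone; consider logging the number of expanded grants (or the list) at build time so an accidental triple wildcard is visible in review and in logs.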
@@ -53,3 +56,3 @@ } | ||
}; | ||
exports.cleanStarEtc = _.flow(_f.remove(_f.isEqual('*')), _f.uniq, _f.sortBy(_f.identity)); | ||
exports.cleanStarEtc = _.flow(_f.flatten, _f.remove(_f.isEqual('*')), _f.uniq, _f.sortBy(_f.identity)); | ||
//# sourceMappingURL=accesscontrol-re.js.map |
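Review bot: `_f.flatten` only flattens one level, so `cleanStarEtc([['a', ['b']]])` still contains a nested array that `_f.isEqual('*')`, `_f.uniq` and `_f.sortBy(_f.identity)` will not normalise (a nested `['*']` is not removed, and sorting mixed arrays/strings gives an odd order). Either use `_f.flattenDeep` if arbitrarily nested role arrays are expected, or document that callers may pass at most one level of nesting, matching the `role: string | string[]` shape used in `build`.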
{ | ||
"name": "accesscontrol-re", | ||
"version": "0.1.1", | ||
"version": "0.2.0", | ||
"main": "./build/src/index.js", | ||
@@ -5,0 +5,0 @@ "scripts": { |
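Review bot: the bump from 0.1.1 to 0.2.0 ships behaviour changes (wildcard `'*'` roles, a new implicit possession of `'any'`, a changed `cleanStarEtc` signature), but the diff adds no changelog or migration note beyond the README feature bullets. Add a short changelog entry that names the new default possession explicitly, since a consumer whose grants omitted the possession suffix now gets the widest possession without any change on their side.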
@@ -9,14 +9,29 @@ # Access Control Re | ||
- Allowing `'*'` for `*Actions` and `*Resources` on grants, eg: | ||
// GOD can do any *Action on any *Resource! | ||
- Allowing `'*'` for `*Roles`, `*Actions` and `*Resources` on `IAccessInfo` grants, a much needed feature (see https://github.com/onury/accesscontrol/issues/58)! | ||
*It is very powerful, but it can open security holes, so use with caution!* | ||
Using it you can define `'GOD'`-like Roles: | ||
// "GOD" can do any *Action on any *Resource! | ||
{ | ||
role: 'GOD', | ||
resource: '*', | ||
grant: { | ||
'*:any': ['*'], | ||
}, | ||
action: '*:any' | ||
} | ||
This will actually allow any known *Action* against any known *Resource*, so use with caution! | ||
This will actually grant GOD to any known *Action* against any known *Resource*. | ||
Another scenario is to allow every `*Role` to access a particular *Resource* and/or *Action*: | ||
// Any *Role can "look" any "openToAllResource" | ||
{ | ||
role: '*', | ||
resource: 'openToAllResource', | ||
action: 'look:any', | ||
} | ||
You can of course use any combination, even `'*'` for *permit all* :-) | ||
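Review bot: the GOD example mixes a `grant: { '*:any': ['*'] }` key with `action: '*:any'`, but `build` in this diff only reads `role`, `resource`, `action` (and `possession`) from each IAccessInfo; the `grant` key is ignored, so it should be dropped rather than suggest a syntax that does nothing. The "can open security holes" warning would also be more actionable with the concrete semantics stated once: `'*'` resolves to every role, action and resource known when `build()` runs, so a wildcard grant covers things added by later `addAccessInfo` calls as well as earlier ones.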
@@ -37,3 +52,3 @@ ## How to use | ||
addAccessInfo(accessInfos); | ||
addAccessInfo(accessInfos); // also accepts a single accessInfo | ||
const ac: AccessControl = build(); // @note: can call only `_.once`! | ||
@@ -45,22 +60,24 @@ | ||
- Only the `.grant(accessInfo: IAccessInfo)` and `.permission(queryInfo: IQueryInfo)` are supported, not the chained fluent methods like `createAny` & `updateOwn`. The upside of this is that you can do anything without those, and they are cleaner and easier to use for DB or bulk creation & querying of permissions than the fluent ones. | ||
This problem could be solved with the new JavaScript Proxy, but I wont even bother :-) | ||
- Only the `.grant(accessInfo: IAccessInfo)` and `.permission(queryInfo: IQueryInfo)` are supported for now, not the chained fluent methods like `createAny` & `updateOwn` or the `grantsObject` etc. The upside of this is that you can do anything without just those, and they are cleaner and easier to use for DB or bulk creation & querying of permissions than the fluent ones. | ||
This problem could be solved with an ES6 Proxy, but I wont even bother :-) | ||
- There is some patching going on, as this is not a fork or reworked version of Access Control, just a facade. This is actually a very good point, cause Access Control version 2.x is just in `peerdependencies` so its updates on your local version will be picked up. | ||
- There is some patching going on, as this is *not a fork* or reworked version of Access Control, just a facade. This is actually a very good point, cause Access Control version 2.x is just in `peerdependencies` so its updates on your local version will be picked up. | ||
- You need to create ALL your grants before you can use it & call `.build` to retrieve an ActionControl instance with the grants locked. This is due to the way the `'*'` actions & resources actually work: the `'*'` is forcing all known actions / resources to be created. Also you can call `build()` only `_.once`, it has no effect after that (use `require-clean` if you want a fresh instance :-). | ||
- You need to create ALL your grants (i.e add all your `addAccessInfo`) before you can use it & call `.build` to retrieve an ActionControl instance with the grants locked. This is due to the way the `'*'` actions & resources actually work: the `'*'` is forcing all known actions / resources / roles to be created. Also you can call `build()` only `_.once`, it has no effect after that (use `require-clean` if you want a fresh instance :-). | ||
- @todo: `.extend` is disabled by design and is discouraged, for your own sake. Its evil to use while this is open https://github.com/onury/accesscontrol/issues/34#issuecomment-466387586 - when closed I'll happily add it :-) | ||
- Order of addAccessInfo, matters! | ||
- Using `'*'` for *Action*, it grants access to *all known Actions* against the Resource, event if the Resource doesn't support some of these Actions. It shouldn't do any harm :-) | ||
- Order of `addAccessInfo`, matters! | ||
## Coming up | ||
- Custom Possessions (beyond `'any'` & `'own'`) - completing https://github.com/onury/accesscontrol/issues/46) | ||
- Custom Possessions (beyond `'any'` & `'own'`) - completing https://github.com/onury/accesscontrol/issues/46 | ||
- Role `'*'` wildcard - scenarios like _*Any Role can Visit the Homepage_, eg `role: '*'` | ||
- DONE: ~~Role `'*'` wildcard - scenarios like _Any *Role can Visit the Homepage_, eg `role: '*'`~~ | ||
- Add most of *Actions*, *Resources* or *Possessions*, using negate wildcards, eg: `action: ['*', '!drop_entity_table']`. | ||
- Add some of *Roles*, *Actions*, *Resources* (or *Possessions* in the future), using negate wildcards, eg: `action: ['*', '!drop_entity_table']`. | ||
- If other goodies and Access Control issues solved via this facade seem important to me, they will! | ||
- If other goodies and Access Control issues solved via this facade seem important, they will get here! | ||
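Review bot: typos in the new README text: "I wont" should be "I won't", "event if the Resource" should be "even if the Resource", "i.e add" should be "i.e. add", "Its evil" should be "It's evil", and "an ActionControl instance" should be "an AccessControl instance" (the class used in the code is `AccessControl`). The bullet "Order of `addAccessInfo`, matters!" states a rule without the reason; one sentence on what a later grant does to an earlier one for the same role/resource/action would let readers act on it.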
@@ -67,0 +84,0 @@ - PRs, with tests + rationale, more than welcome :-) |