acl-checker
This is a NodeJS module that lets you set up roles, resources, and permissions, and then check whether a role has a particular permission for a resource.
You can install this using npm:
npm install acl-checker
The first thing you need to do is create an instance of the ACL class:
var AclChecker = require('acl-checker');
var acl = new AclChecker();
Next you have to load roles/resources/permissions. You can do this in a few different ways, all of which use the allow() method.
You can use simple strings where you pass the role, resource, and then permissions:
acl.allow('guest', 'post', 'read');
This will give the guest role the read permission on the post resource.
You can pass the same parameters as arrays instead of strings. This gives all the permissions on all the resources to all the roles, for example:
acl.allow([
  'blogger',
  'admin'
], [
  'post',
  'comment'
], [
  'create',
  'read'
]);
This will give the blogger and admin roles the create and read permissions for both the post and comment resources.
You can also mix and match strings and arrays:
acl.allow([
  'blogger',
  'admin'
], 'post', [
  'create',
  'read'
]);
You can also use an object with allow(). The object would be structured like:
roleName:
  resourceName:
    [permissions]
You can define as many roles and resources as you want, for example:
var permissions = {
  guest: {
    post: [
      'read'
    ],
    comment: [
      'create',
      'read'
    ]
  },
  blogger: {
    post: [
      'create',
      'read',
      'update',
      'delete'
    ],
    comment: [
      'create',
      'read',
      'approve'
    ]
  },
  admin: {
    post: [
      'create',
      'read',
      'update',
      'delete'
    ],
    comment: [
      'create',
      'read',
      'update',
      'delete',
      'approve'
    ]
  }
};
acl.allow(permissions);
This library is designed very specifically to handle the task of validating permissions on roles and resources; it does nothing to get or retrieve that data.
It is up to your application to provide the data, whether it uses low-level libraries like node-mysql or node_redis, an Object Mapper like Simple ORM, Bookshelf, or Mongoose, or a combination. You have full control over how the ACL data is retrieved and stored.
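Since loading is left to the application, here is one way to turn flat rows from your own data store into the object form that allow() accepts. This is an added example, not code from the acl-checker project; the row shape { role, resource, permission }, the name pattern, and the helper names checkName and rowsToAclObject are assumptions.

```javascript
// Names allowed as roles, resources and permissions (assumed policy for this example).
const NAME = /^[a-z][a-z0-9_-]{0,63}$/;
// Keys that must never become object properties when built from stored data.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Reject anything that is not a plain, expected name before it reaches the ACL.
function checkName(kind, value) {
  if (typeof value !== 'string' || !NAME.test(value) || FORBIDDEN.has(value)) {
    throw new TypeError('invalid ' + kind + ': ' + JSON.stringify(value));
  }
  return value;
}

// Turn flat rows into { roleName: { resourceName: [permissions] } }.
// Hypothetical helper; the row shape is an assumption about your data layer.
function rowsToAclObject(rows) {
  const roles = new Map();
  for (const row of rows) {
    const role = checkName('role', row.role);
    const resource = checkName('resource', row.resource);
    const permission = checkName('permission', row.permission);
    if (!roles.has(role)) roles.set(role, new Map());
    const resources = roles.get(role);
    if (!resources.has(resource)) resources.set(resource, new Set());
    resources.get(resource).add(permission); // a Set drops duplicate grants
  }
  const out = {};
  for (const [role, resources] of roles) {
    out[role] = {};
    for (const [resource, perms] of resources) {
      out[role][resource] = Array.from(perms).sort();
    }
  }
  return out;
}

// Constructed sample rows, as a SQL or Redis lookup might return them.
const sampleRows = [
  { role: 'guest', resource: 'post', permission: 'read' },
  { role: 'guest', resource: 'comment', permission: 'read' },
  { role: 'guest', resource: 'comment', permission: 'create' },
  { role: 'guest', resource: 'post', permission: 'read' } // duplicate grant
];

const permissions = rowsToAclObject(sampleRows);
// permissions now has the shape passed to acl.allow(permissions) above.
```

Failing closed on a malformed row keeps a corrupted or tampered permissions table from silently granting access under an unexpected key.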
To remove a permission, use the removeAllow() method, which has the same structure as the allow() method.
acl.removeAllow('guest', 'post', 'read');
acl.removeAllow('guest', [
  'post',
  'comment'
], 'read');
acl.removeAllow({
  guest: {
    post: [
      'read'
    ]
  }
});
To check if a permission is valid, use either the isAllowed() or the allIsAllowed() method, both of which have the same structure as the allow() method.
isAllowed() requires just one of the permissions to be valid, while allIsAllowed() requires all permissions to be valid.
acl.isAllowed('guest', 'post', 'read');
acl.isAllowed('guest', [
  'post',
  'comment'
], 'read');
acl.allIsAllowed({
  guest: {
    post: [
      'read'
    ]
  }
});
MIT
FAQs
ACL checker library
The npm package acl-checker receives a total of 0 weekly downloads. As such, acl-checker popularity was classified as not popular.
We found that acl-checker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.