New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →

admin-bro-users-permissions

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

admin-bro-users-permissions

Library to easily implement a Role-Based Access Control(RBAC). Highly extensible, this library will help you to have an Admin Login Page and inside the admin, 2 Resources: Users and Roles. **Only for Mongoose**

1.0.1
Source
npm

Version published: 4 years ago

Weekly downloads: 19; increased by850%

Maintainers: 1

Weekly downloads

Created: 4 years ago

Source

Admin Bro: Users & Permisions

How it looks

Getting Started

npm install admin-bro-users-permissions
npm install cookie-parser
npm install express-session

Import the resources and the authentication closure

const userResource = require('admin-bro-user-permissions/resources/user')
const roleResource = require('admin-bro-user-permissions/resources/role')
const { authenticationClosure } = require('admin-bro-user-permissions/authentication')
const isAccessGranted = require('admin-bro-user-permissions/policies/isAccessGranted')

Set the resources to the AdminBro. eg:

const storeResource = {
    resource: mongoose.model('Store', {
        name: { type: String, required: true },
    }),
    options: {
        actions: {
            list: { // Added the role policy
                isAccessible: isAccessGranted({ resourceName: 'Store', actionRequested: 'list' }),
            },
            edit: { 
                isAccessible: isAccessGranted({ resourceName: 'Store', actionRequested: 'list' }),
            },
            //...etc
        },
    }
}

const adminBro = new AdminBro({
        resources: [
            ...storeResource,
            userResource.initResource(mongoose, {
                resourceSchema: {
                    name: { type: String, required: true }, //optional
                    ...yourSchema
                },
                resourceOptions: {
                    parent: {
                        name: 'Access'
                    },
                },
            }),
            roleResource.initResource(mongoose, {
                resourceOptions: {
                    parent: {
                        name: 'Access'
                    },
                },
            }),
        ],
    })

Build the authentication route passing the authentication closure:

const router = AdminBroExpress.buildAuthenticatedRouter(adminBro, {
    authenticate: authenticationClosure({ userModel: userResource.getModel(mongoose), roleModel: roleResource.getModel(mongoose) }),
})

Enable cookie-parsers and express-session into your express app:

app.use(cookieParser('secret'))
app.use(cookieSession())

Done :white_check_mark::tada::tada: You now can start the AdminBro and you will see the login page and the Users & Roles resource.

Highly extensible

You have access to all the pieces which is building this library. With that, you can extend or even create your on pieces to overwrite the main one.

Resources Methods

Method	Parameters
initResource	mongoose, Object{resourceSchema: Mongoose Object Schema, resourceOptions: ResourceOptions, resourceFeatures: Array of Features} Returns: Array<AdminBro Resources>
getSchema	mongoose, Object{Mongoose Object Schema} Returns: Mongoose Schema
getOptions	Object{ResourceOptions} Returns: Object of ResourceOptions
getFeatures	Array<Features> Returns: Array of AdminBro Features

Authentication

Method	Parameters
authenticationClosure	Object({ userModel: User Mongoose Model, roleModel: Role Mongoose Model }) Returns: Function<authentication(email, password)>
authentication	(email, password) Returns: False or Object({email: String, password: String, role: Object})

Lets suppose besides all the login validations, you want to extend and add your own. You could do it using the authentication method. eg:

const userResource = require('admin-bro-user-permissions/resources/user')
const roleResource = require('admin-bro-user-permissions/resources/role')
const { authentication } = require('admin-bro-user-permissions/authentication')

const authenticationClosure = () => {
    return async (email, password) => {
        const matched = await authentication(email,password, userResource.getModel(mongoose), roleResource.getModel(mongoose))

        // Add your business logic here
        // return true or false
    }
}

const router = AdminBroExpress.buildAuthenticatedRouter(adminBro, {
    authenticate: authenticationClosure,
})

Policies

Policy	Parameters
isAccessGranted	Object({resourceName: String, actionRequested: String})

You can also add business logic to policy. eg:

const isAccessGranted = require('admin-bro-user-permissions/policies/isAccessGranted')

const myPolicy = ({ currentAdmin }) => {
    const isAccessGrantedClosure = isAccessGranted({ resourceName: 'Store', actionRequested: 'list' })
    const isGranted = isAccessGrantedClosure({currentAdmin})

    // add your business logic
    // return true or false
}

const storeResource = {
    resource: mongoose.model('Store', {
        name: { type: String, required: true },
    }),
    options: {
        actions: {
            list: { // Added the role policy
                isAccessible: isAccessGranted({ resourceName: 'Store', actionRequested: 'list' }),
            },
            //...etc
        },
    }
}

Contribution

If you need features that is not implemented - feel free to implement and create PRs! Plus we need some documentation, so if you are good in it - you are welcome.

Keywords

FAQs

What is admin-bro-users-permissions?

Is admin-bro-users-permissions popular?

Is admin-bro-users-permissions well maintained?

Package last updated on 12 Sep 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install