
adonis-acl
Adonis ACL adds role-based permissions to the built-in Auth System of the Adonis Framework.
$ npm i adonis-acl --save
or
$ yarn add adonis-acl
const providers = [
  // ...
  'adonis-acl/providers/AclProvider',
  // ...
]

const aceProviders = [
  // ...
  'adonis-acl/providers/CommandsProvider',
  // ...
]

In the start/app.js file:
const aliases = {
  // ...
  Role: 'Adonis/Acl/Role',
  Permission: 'Adonis/Acl/Permission',
  // ...
}
In the User model:
class User extends Model {
  // ...
  static get traits () {
    return [
      '@provider:Adonis/Acl/HasRole',
      '@provider:Adonis/Acl/HasPermission'
    ]
  }
  // ...
}
In the start/kernel.js file:
const namedMiddleware = {
  // ...
  is: 'Adonis/Acl/Is',
  can: 'Adonis/Acl/Can',
  // ...
}

For use in views:
const globalMiddleware = [
  // ...
  'Adonis/Acl/Init'
  // ...
]
./ace migrations:run.
$ ./ace acl:setup
Let's create your first roles.
const roleAdmin = new Role()
roleAdmin.name = 'Administrator'
roleAdmin.slug = 'administrator'
roleAdmin.description = 'manage administration privileges'
await roleAdmin.save()
const roleModerator = new Role()
roleModerator.name = 'Moderator'
roleModerator.slug = 'moderator'
roleModerator.description = 'manage moderator privileges'
await roleModerator.save()
First, add the HasRole trait to your User model.
class User extends Model {
  // ...
  static get traits () {
    return [
      '@provider:Adonis/Acl/HasRole'
    ]
  }
  // ...
}

// attach roles to a user
const user = await User.find(1)
await user.roles().attach([roleAdmin.id, roleModerator.id])

// detach a role from a user
const user = await User.find(1)
await user.roles().detach([roleAdmin.id])
Get roles assigned to a user.
const user = await User.first()
const roles = await user.getRoles() // ['administrator', 'moderator']
const createUsersPermission = new Permission()
createUsersPermission.slug = 'create_users'
createUsersPermission.name = 'Create Users'
createUsersPermission.description = 'create users permission'
await createUsersPermission.save()
const updateUsersPermission = new Permission()
updateUsersPermission.slug = 'update_users'
updateUsersPermission.name = 'Update Users'
updateUsersPermission.description = 'update users permission'
await updateUsersPermission.save()
const deleteUsersPermission = new Permission()
deleteUsersPermission.slug = 'delete_users'
deleteUsersPermission.name = 'Delete Users'
deleteUsersPermission.description = 'delete users permission'
await deleteUsersPermission.save()
const readUsersPermission = new Permission()
readUsersPermission.slug = 'read_users'
readUsersPermission.name = 'Read Users'
readUsersPermission.description = 'read users permission'
await readUsersPermission.save()
First, add the HasPermission trait to your User model.
class User extends Model {
  // ...
  static get traits () {
    return [
      '@provider:Adonis/Acl/HasPermission'
    ]
  }
  // ...
}

// attach permissions to a role
const roleAdmin = await Role.find(1)
await roleAdmin.permissions().attach([
  createUsersPermission.id,
  updateUsersPermission.id,
  deleteUsersPermission.id,
  readUsersPermission.id
])

// detach permissions from a role
const roleAdmin = await Role.find(1)
await roleAdmin.permissions().detach([
  createUsersPermission.id,
  updateUsersPermission.id,
  deleteUsersPermission.id,
  readUsersPermission.id
])
Get permissions assigned to a role.
const roleAdmin = await Role.find(1)
// ['create_users', 'update_users', 'delete_users', 'read_users']
await roleAdmin.getPermissions()
or
const roleAdmin = await Role.find(1)
// collection of permissions
await roleAdmin.permissions().fetch()
const createUsersPermission = new Permission()
createUsersPermission.slug = 'create_users'
createUsersPermission.name = 'Create Users'
createUsersPermission.description = 'create users permission'
await createUsersPermission.save()
const updateUsersPermission = new Permission()
updateUsersPermission.slug = 'update_users'
updateUsersPermission.name = 'Update Users'
updateUsersPermission.description = 'update users permission'
await updateUsersPermission.save()
const deleteUsersPermission = new Permission()
deleteUsersPermission.slug = 'delete_users'
deleteUsersPermission.name = 'Delete Users'
deleteUsersPermission.description = 'delete users permission'
await deleteUsersPermission.save()
const readUsersPermission = new Permission()
readUsersPermission.slug = 'read_users'
readUsersPermission.name = 'Read Users'
readUsersPermission.description = 'read users permission'
await readUsersPermission.save()
First, add the HasPermission trait to your User model.
class User extends Model {
  // ...
  static get traits () {
    return [
      '@provider:Adonis/Acl/HasPermission'
    ]
  }
  // ...
}

// attach permissions directly to a user
const user = await User.find(1)
await user.permissions().attach([
  createUsersPermission.id,
  updateUsersPermission.id,
  deleteUsersPermission.id,
  readUsersPermission.id
])

// detach permissions from a user
const user = await User.find(1)
await user.permissions().detach([
  createUsersPermission.id,
  updateUsersPermission.id,
  deleteUsersPermission.id,
  readUsersPermission.id
])
Get permissions assigned to a user.
const user = await User.find(1)
// ['create_users', 'update_users', 'delete_users', 'read_users']
await user.getPermissions()
or
const user = await User.find(1)
// collection of permissions
await user.permissions().fetch()
Syntax:
and (&&) - administrator && moderator
or (||) - administrator || moderator
not (!) - administrator && !moderator
// check roles
Route
  .get('/users')
  .middleware(['auth:jwt', 'is:(administrator || moderator) && !customer'])

// check permissions
Route
  .get('/posts')
  .middleware(['auth:jwt', 'can:read_posts'])

// scopes (using permissions table for scopes)
Route
  .get('/posts')
  .middleware(['auth:jwt', 'scope:posts.*'])
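
The operator syntax above, as an added example (not adonis-acl's own code, which may evaluate expressions differently): a small recursive-descent evaluator that decides an `is:` / `can:` style expression against the slugs a user holds and denies access on any malformed expression. `tokenize`, `evaluate` and `allowed` are hypothetical names.

```javascript
// Grammar: or := and ('||' and)* ; and := not ('&&' not)* ; not := '!' not | '(' or ')' | slug
const TOKEN = /\s*(&&|\|\||!|\(|\)|[\w-]+)/y

function tokenize (expr) {
  const src = expr.trim()
  const tokens = []
  for (let pos = 0; pos < src.length; pos = TOKEN.lastIndex) {
    TOKEN.lastIndex = pos
    const m = TOKEN.exec(src)
    if (!m) throw new SyntaxError(`unexpected character at offset ${pos}`)
    tokens.push(m[1])
  }
  return tokens
}

function evaluate (expr, heldSlugs) {
  const tokens = tokenize(expr)
  const held = new Set(heldSlugs)
  let i = 0
  // Both operands are always parsed, so a broken right-hand side is never skipped.
  const parseOr = () => {
    let v = parseAnd()
    while (tokens[i] === '||') { i++; const r = parseAnd(); v = v || r }
    return v
  }
  const parseAnd = () => {
    let v = parseNot()
    while (tokens[i] === '&&') { i++; const r = parseNot(); v = v && r }
    return v
  }
  const parseNot = () => {
    const t = tokens[i++]
    if (t === '!') return !parseNot()
    if (t === '(') {
      const v = parseOr()
      if (tokens[i++] !== ')') throw new SyntaxError('missing )')
      return v
    }
    if (t === undefined || !/^[\w-]+$/.test(t)) throw new SyntaxError(`unexpected token ${t}`)
    return held.has(t)
  }
  const result = parseOr()
  if (i !== tokens.length) throw new SyntaxError('trailing tokens')
  return result
}

// Fail closed: a malformed expression denies access instead of throwing.
function allowed (expr, heldSlugs) {
  try { return evaluate(expr, heldSlugs) } catch (e) { return false }
}
```
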
@loggedIn
  @is('administrator')
    <h2>Protected partial</h2>
  @endis
@endloggedIn
or
@loggedIn
  @can('create_posts && delete_posts')
    <h2>Protected partial</h2>
  @endcan
@endloggedIn
or
@loggedIn
  @scope('posts.create', 'posts.delete')
    <h2>Protected partial</h2>
  @endscope
@endloggedIn
Having trouble? Open an issue!
The MIT License (MIT). Please see License File for more information.
FAQs
Adonis ACL system
The npm package adonis-acl receives a total of 642 weekly downloads. As such, adonis-acl popularity was classified as not popular.
We found that adonis-acl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.