##Simple, fast and secure node ACL
bacl is a nodejs module to work with ACL (access control list). It's work with mongodb using mongoose but you can create your own adapter to work with other databases.
Install and use bacl is very simple
Just the 'bacl' library:
npm install bacl
Initialize the bacl and pass a mongoose connection
bacl = require('bacl');
//you need a mongoose or jugglingb connection (to use jugglingdb, look at the bottom of the document)
bacl = new bacl(new bacl.mongooseAdapter(mongoose));
bacl has got a default list of messages for diferent events (grantAccess,denyAccess and userNotFound) you can change this
bacl = new bacl(new bacl.mongooseAdapter(mongoose),
{"grantAccess": "User has got grant access", ...});
Example adding roles
bacl.allow('guest', '*');
/* or */
bacl.allow(['guest', 'manager'], '*');
/* or */
bacl.allow('guest', 'posts#index');
/* or */
bacl.allow('guest', 'posts');
/* or */
bacl.allow('guest', { rule: 'posts#index', method: 'get' } );
/* or */
bacl.allow('guest', { rule: 'posts#index', method: ['get','post','put'] });
/* or */
bacl.allow('guest', { rule: [ 'posts#index' , 'posts#edit' ], method: ['get', 'post'] });
/* or */
bacl.allow('guest', [ { rule: 'posts#index', method: 'get' },
{ rule: 'posts#edit', method: 'post' } ]);
Example adding users
bacl.add('user1', 'guest');
/* or */
bacl.add('user1', ['guest', 'manager']);
/* or */
bacl.add(['user1','user2'], 'guest');
Example checking access
bacl.can('user1','posts', function (ok, user, message) {
if (ok) {
allowed access
}else{
deny access
}
});
/* or */
bacl.can('user1','posts#index', function (ok, user, message) {
if (ok) {
allowed access
}else{
deny access
}
});
/* or */
bacl.can('user1', { url: 'posts#index', method: 'get' }, function (ok, user, message) {
if (ok) {
allowed access
}else{
deny access
}
});
When you recive the user with the method "can" you can check the roles when you want for example to show and hide elements in the views for diferents roles.
if (user.is('guest')) {
//show menu for the guest
}else{
//show other menu
}
/* you can define an "or" operator using arrays */
if (user.is(['guest', 'guest2']) {
//show menu for the guest or guest2
}else{
//show other menu
}
/* you can define an operator using objects, everthing is posible */
if (user.is({or: ['guest', 'guest2'], and: 'guest3'})) {
//if the user is guest and guest2 show the menu for that
}else{
//show other menu
}
bacl has got a fast and simple way to enable/disable users
bacl.enable('user1', function(err){
});
/* or */
bacl.disable('user1', function(err){
});
/* the first parameter can be an array */
In the world of nodejs we have an excellent framework called compoundjs, I'm going to show how integrate bacl with compoundjs.
In config/environment.js
First we are going to create a new file in config/initializers/acl.js of the compound app and copy/paste this code:
module.exports = function(compound) {
var bacl = require('bacl');
bacl = new bacl(new bacl.jugglingdbAdapter(compound.orm._schemas[0]));
bacl.allow('guest','posts#index', function(){
console.log('Create a new set of rules for the rol guest');
//in this case we are using an static user called user1, but this is only for example
bacl.add('user1', 'guest', function(){
console.log('Set the rol guest for the user1');
});
});
//this is necesary to use in the controller files of compoundjs
compound.bacl = bacl;
}
And this is everthing. For example, if you want check the access of the user1 in the controller posts you can write this in the controller app/controllers/posts_controller.js:
before(function (req) {
compound.bacl.can('user1', controllerName+'#'+actionName, function (result) {
if (result == false){
return send({ code: 404, error: 'Nooo access' });
}else{
next();
}
});
});
Very simple!
MIT
Free Software, Fuck Yeah!
FAQs
Simple, fast and secure node ACL
The npm package bacl receives a total of 1 weekly downloads. As such, bacl popularity was classified as not popular.
We found that bacl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.
Security News
Michigan TypeScript founder Dimitri Mitropoulos implements WebAssembly runtime in TypeScript types, enabling Doom to run after processing 177 terabytes of type definitions.