New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket

bacl

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

bacl

Simple, fast and secure node ACL

  • 0.1.3
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
2
decreased by-86.67%
Maintainers
1
Weekly downloads
 
Created
Source

bacl

##Simple, fast and secure node ACL

bacl is a nodejs module to work with ACL (access control list). It's work with mongodb using mongoose but you can create your own adapter to work with other databases.

Install and use bacl is very simple

Installation

Just the 'bacl' library:

npm install bacl

Using bacl with the mongoose adapter

Initialize the bacl and pass a mongoose connection

bacl = require('bacl');
//you need a mongoose or jugglingb connection (to use jugglingdb, look at the bottom of the document)
bacl = new bacl(new bacl.mongooseAdapter(mongoose));

bacl has got a default list of messages for diferent events (grantAccess,denyAccess and userNotFound) you can change this

bacl = new bacl(new bacl.mongooseAdapter(mongoose),
{"grantAccess": "User has got grant access", ...});

Example adding roles

bacl.allow('guest', '*');
/* or */
bacl.allow(['guest', 'manager'], '*');
/* or */
bacl.allow('guest', 'posts#index');
/* or */
bacl.allow('guest', 'posts');
/* or */
bacl.allow('guest', { rule: 'posts#index', method: 'get' } );
/* or */
bacl.allow('guest', { rule: 'posts#index', method: ['get','post','put'] });
/* or */
bacl.allow('guest', { rule: [ 'posts#index' , 'posts#edit' ], method: ['get', 'post'] });
/* or */
bacl.allow('guest', [ { rule: 'posts#index', method: 'get' }, 
  { rule: 'posts#edit', method: 'post' } ]);

Example adding users

bacl.add('user1', 'guest');
/* or */
bacl.add('user1', ['guest', 'manager']);
/* or */
bacl.add(['user1','user2'], 'guest');

Example checking access

bacl.can('user1','posts', function (ok, user, message) {
    if (ok) {
        allowed access
    }else{
        deny access
    }
});
/* or */
bacl.can('user1','posts#index', function (ok, user, message) {
    if (ok) {
        allowed access
    }else{
        deny access
    }
});
/* or */
bacl.can('user1', { url: 'posts#index', method: 'get' }, function (ok, user, message) {
    if (ok) {
        allowed access
    }else{
        deny access
    }
});

When you recive the user with the method "can" you can check the roles when you want for example to show and hide elements in the views for diferents roles.

if (user.is('guest')) {
  //show menu for the guest
}else{
  //show other menu
}
/* you can define an "or" operator using arrays */
if (user.is(['guest', 'guest2']) {
  //show menu for the guest or guest2
}else{
  //show other menu
}
/* you can define an operator using objects, everthing is posible */
if (user.is({or: ['guest', 'guest2'], and: 'guest3'})) {
  //if the user is guest and guest2 show the menu for that
}else{
  //show other menu
}

bacl has got a fast and simple way to enable/disable users

bacl.enable('user1', function(err){
  
});
/* or */
bacl.disable('user1', function(err){
  
});

/* the first parameter can be an array */

Using bacl in compoundjs with the jugglingdb Adapter

In the world of nodejs we have an excellent framework called compoundjs, I'm going to show how integrate bacl with compoundjs.

In config/environment.js

First we are going to create a new file in config/initializers/acl.js of the compound app and copy/paste this code:

module.exports = function(compound) {
  var bacl = require('bacl');
  bacl = new bacl(new bacl.jugglingdbAdapter(compound.orm._schemas[0]));
  bacl.allow('guest','posts#index', function(){
    console.log('Create a new set of rules for the rol guest');
    //in this case we are using an static user called user1, but this is only for example
    bacl.add('user1', 'guest', function(){
      console.log('Set the rol guest for the user1');
    });
  });
  //this is necesary to use in the controller files of compoundjs
  compound.bacl = bacl;
}

And this is everthing. For example, if you want check the access of the user1 in the controller posts you can write this in the controller app/controllers/posts_controller.js:

before(function (req) {
  compound.bacl.can('user1', controllerName+'#'+actionName, function (result) {
    if (result == false){
      return send({ code: 404, error: 'Nooo access' });
    }else{
      next();
    }
  });
});

Very simple!

License

MIT

Free Software, Fuck Yeah!

Keywords

FAQs

Package last updated on 20 Mar 2013

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc