express-dynacl
Comparing version 2.0.1 to 2.1.0
index.js
@@ -15,3 +15,3 @@ var dynacl = (function(){ | ||
logString: (action,permission,role,req) => "DynACL " + (permission ? "OK" : "XX") + " ( action: " + action + (role ? ", role: " + role : "") + " )", | ||
logString: (event) => `DynACL ${event.permission ? "OK" : "XX"} (action: ${event.action}${event.role ? ", role: " + event.role : ""}${Object.keys(event.params) > 0 ? ", params: " + JSON.stringify(event.params) : ""})`, | ||
logConsole: false, | ||
@@ -53,3 +53,10 @@ | ||
if(options.logConsole){ | ||
let logString = options.logString(action,permission,roleName,req); | ||
let logEvent = { | ||
action:action, | ||
permission:permission, | ||
role:roleName, | ||
req:req, | ||
params:params | ||
}; | ||
let logString = options.logString(logEvent); | ||
if(permission) console.log(logString); | ||
@@ -68,3 +75,3 @@ else console.error(logString); | ||
// if role does not exists user can't | ||
// if role does not exist user can't | ||
if(!role) return false; | ||
@@ -104,9 +111,12 @@ | ||
// middleware factory | ||
function dynacl(action){ | ||
function dynacl(action,paramsFn){ | ||
// return middleware function for ExpressJS | ||
return async function(req,res,next){ | ||
// if function to evaluate req to params provided, then use it | ||
var params = paramsFn ? paramsFn(req) : {}; | ||
// evaluate permission | ||
var result = await checkCan(action,req,{}); | ||
var result = await checkCan(action,req,params); | ||
@@ -137,2 +147,7 @@ // if permission granted, send execution to the next middleware/route | ||
module.exports = dynacl; | ||
if(require.main === module){ | ||
require("./index.cli.js"); | ||
} | ||
else{ | ||
module.exports = dynacl; | ||
} |
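Review bot: The params branch of the new default `logString` in the first hunk almost never fires, because `Object.keys(event.params) > 0` compares the key array itself with a number; for ordinary key names the array coerces to NaN (or to 0 when empty), so the parameters the access decision was evaluated against are left out of the log line. The condition should be `Object.keys(event.params).length > 0`, and the same expression is copied into the README example later on this page. Separately, in the middleware hunk `paramsFn(req)` is called before `checkCan` with no guard visible; if it throws inside the async middleware, the rejection may never reach Express's error handling. That function's body continues outside the hunk, so this needs confirming there.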
{ | ||
"name": "express-dynacl", | ||
"version": "2.0.1", | ||
"version": "2.1.0", | ||
"description": "Express dynamic access control list, that allows to grant access to queries based on request details", | ||
@@ -22,3 +22,6 @@ "main": "index.js", | ||
}, | ||
"homepage": "https://github.com/SmallhillCZ/express-dynacl#readme" | ||
"homepage": "https://github.com/SmallhillCZ/express-dynacl#readme", | ||
"dependencies": { | ||
"chalk": "^2.4.1" | ||
} | ||
} |
@@ -8,2 +8,6 @@ # express-dynacl | ||
var acl = require("express-dynacl"); | ||
var Post = require("./models/post"); | ||
var options = { | ||
@@ -23,5 +27,3 @@ | ||
"posts:create": true, | ||
"posts:edit": (req,params) => { | ||
return Post.find({_id:params.post.id}).then(post => post.owner === req.user.id); | ||
} | ||
"posts:edit": (req,params) => Post.findOne({_id:params.post.id}).then(post => post.owner === req.user.id) | ||
}, | ||
@@ -38,3 +40,3 @@ inherits: ["guest"] | ||
"admin: { | ||
"admin": { | ||
admin: true | ||
@@ -47,6 +49,6 @@ } | ||
// set some of the roles as default - each request will expect that user has these roles (default is none) | ||
defaultRole: "guest", | ||
defaultRole: "guest", | ||
logString: (role,action,result,req) => "DynACL " + (result ? "OK" : "XX") + " ( action: " + action + (result ? ", role: " + role : "") + " )", // log output string | ||
logConsole: true, // enable logging to console (default is false) | ||
logString: (event) => `DynACL ${event.permission ? "OK" : "XX"} (action: ${event.action}${event.role ? ", role: " + event.role : ""}${Object.keys(event.params) > 0 ? ", params: " + JSON.stringify(event.params) : ""})`, | ||
logConsole: true, // enable logging to console (default is false) | ||
@@ -66,16 +68,13 @@ authorized: (req,res,next) => next(), // middleware to use when authorized (default is send to next middleware) | ||
var router = express.Router(); | ||
module.exports = router; | ||
var acl = require("express-dynacl"); | ||
router.get("/posts", acl("posts:list"), (req,res) => { | ||
app.get("/posts", acl("posts:list"), (req,res) => { | ||
// list posts | ||
}); | ||
router.post("/posts", acl("posts:create"), (req,res) => { | ||
app.post("/posts", acl("posts:create"), (req,res) => { | ||
// create post | ||
}); | ||
router.put("/posts/1", acl("posts:edit"), (req,res) => { | ||
app.put("/posts/1", acl("posts:edit"), (req,res) => { | ||
// edit post | ||
@@ -90,8 +89,5 @@ }); | ||
var router = express.Router(); | ||
module.exports = router; | ||
var acl = require("express-dynacl"); | ||
router.put("/posts/:id", (req,res) => { | ||
app.put("/posts/:id", (req,res) => { | ||
if(acl.can("posts:edit", req, {post: {id: req.params.id}})) { | ||
@@ -98,0 +94,0 @@ // edit post |
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
+ Added chalk@^2.4.1
+ Added ansi-styles@3.2.1 (transitive)
+ Added chalk@2.4.2 (transitive)
+ Added color-convert@1.9.3 (transitive)
+ Added color-name@1.1.3 (transitive)
+ Added escape-string-regexp@1.0.5 (transitive)
+ Added has-flag@3.0.0 (transitive)
+ Added supports-color@5.5.0 (transitive)