express-dynacl
Advanced tools
Comparing version 2.0.1 to 2.1.0
27
index.js
@@ -15,3 +15,3 @@ var dynacl = (function(){ | ||
| logString: (action,permission,role,req) => "DynACL " + (permission ? "OK" : "XX") + " ( action: " + action + (role ? ", role: " + role : "") + " )", | ||
| logString: (event) => `DynACL ${event.permission ? "OK" : "XX"} (action: ${event.action}${event.role ? ", role: " + event.role : ""}${Object.keys(event.params) > 0 ? ", params: " + JSON.stringify(event.params) : ""})`, | ||
| logConsole: false, | ||
@@ -53,3 +53,10 @@ | ||
| if(options.logConsole){ | ||
| let logString = options.logString(action,permission,roleName,req); | ||
| let logEvent = { | ||
| action:action, | ||
| permission:permission, | ||
| role:roleName, | ||
| req:req, | ||
| params:params | ||
| }; | ||
| let logString = options.logString(logEvent); | ||
| if(permission) console.log(logString); | ||
@@ -68,3 +75,3 @@ else console.error(logString); | ||
| // if role does not exists user can't | ||
| // if role does not exist user can't | ||
| if(!role) return false; | ||
@@ -104,9 +111,12 @@ | ||
| // middleware factory | ||
| function dynacl(action){ | ||
| function dynacl(action,paramsFn){ | ||
| // return middleware function for ExpressJS | ||
| return async function(req,res,next){ | ||
| // if function to evaluate req to params provided, then use it | ||
| var params = paramsFn ? paramsFn(req) : {}; | ||
| // evaluate permission | ||
| var result = await checkCan(action,req,{}); | ||
| var result = await checkCan(action,req,params); | ||
@@ -137,2 +147,7 @@ // if permission granted, send execution to the next middleware/route | ||
| module.exports = dynacl; | ||
| if(require.main === module){ | ||
| require("./index.cli.js"); | ||
| } | ||
| else{ | ||
| module.exports = dynacl; | ||
| } |
| { | ||
| "name": "express-dynacl", | ||
| "version": "2.0.1", | ||
| "version": "2.1.0", | ||
| "description": "Express dynamic access control list, that allows to grant access to queries based on request details", | ||
@@ -22,3 +22,6 @@ "main": "index.js", | ||
| }, | ||
| "homepage": "https://github.com/SmallhillCZ/express-dynacl#readme" | ||
| "homepage": "https://github.com/SmallhillCZ/express-dynacl#readme", | ||
| "dependencies": { | ||
| "chalk": "^2.4.1" | ||
| } | ||
| } |
@@ -8,2 +8,6 @@ # express-dynacl | ||
| var acl = require("express-dynacl"); | ||
| var Post = require("./models/post"); | ||
| var options = { | ||
@@ -23,5 +27,3 @@ | ||
| "posts:create": true, | ||
| "posts:edit": (req,params) => { | ||
| return Post.find({_id:params.post.id}).then(post => post.owner === req.user.id); | ||
| } | ||
| "posts:edit": (req,params) => Post.findOne({_id:params.post.id}).then(post => post.owner === req.user.id) | ||
| }, | ||
@@ -38,3 +40,3 @@ inherits: ["guest"] | ||
| "admin: { | ||
| "admin": { | ||
| admin: true | ||
@@ -47,6 +49,6 @@ } | ||
| // set some of the roles as default - each request will expect that user has these roles (default is none) | ||
| defaultRole: "guest", | ||
| defaultRole: "guest", | ||
| logString: (role,action,result,req) => "DynACL " + (result ? "OK" : "XX") + " ( action: " + action + (result ? ", role: " + role : "") + " )", // log output string | ||
| logConsole: true, // enable logging to console (default is false) | ||
| logString: (event) => `DynACL ${event.permission ? "OK" : "XX"} (action: ${event.action}${event.role ? ", role: " + event.role : ""}${Object.keys(event.params) > 0 ? ", params: " + JSON.stringify(event.params) : ""})`, | ||
| logConsole: true, // enable logging to console (default is false) | ||
@@ -66,16 +68,13 @@ authorized: (req,res,next) => next(), // middleware to use when authorized (default is send to next middleware) | ||
| var router = express.Router(); | ||
| module.exports = router; | ||
| var acl = require("express-dynacl"); | ||
| router.get("/posts", acl("posts:list"), (req,res) => { | ||
| app.get("/posts", acl("posts:list"), (req,res) => { | ||
| // list posts | ||
| }); | ||
| router.post("/posts", acl("posts:create"), (req,res) => { | ||
| app.post("/posts", acl("posts:create"), (req,res) => { | ||
| // create post | ||
| }); | ||
| router.put("/posts/1", acl("posts:edit"), (req,res) => { | ||
| app.put("/posts/1", acl("posts:edit"), (req,res) => { | ||
| // edit post | ||
@@ -90,8 +89,5 @@ }); | ||
| var router = express.Router(); | ||
| module.exports = router; | ||
| var acl = require("express-dynacl"); | ||
| router.put("/posts/:id", (req,res) => { | ||
| app.put("/posts/:id", (req,res) => { | ||
| if(acl.can("posts:edit", req, {post: {id: req.params.id}})) { | ||
@@ -98,0 +94,0 @@ // edit post |
New alerts
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by32.94%
8479
- Number of package files
- increased by33.33%
4
- Lines of code
- increased by73.86%
153
Worsened metrics
- Dependency count
- increased byInfinity%
1
- Number of lines in readme file
- decreased by-4%
96
- Number of low supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedchalk@^2.4.1
+ Addedansi-styles@3.2.1(transitive)
+ Addedchalk@2.4.2(transitive)
+ Addedcolor-convert@1.9.3(transitive)
+ Addedcolor-name@1.1.3(transitive)
+ Addedescape-string-regexp@1.0.5(transitive)
+ Addedhas-flag@3.0.0(transitive)
+ Addedsupports-color@5.5.0(transitive)