mongoose-acl
Advanced tools
var mongoose = require('mongoose');
var acl = require('mongoose-acl');
var WidgetSchema = new mongoose.Schema({ ... });
WidgetSchema.plugin(acl.object);
var UserSchema = new mongoose.Schema({ ... });
UserSchema.plugin(acl.subject);
The plugin adds accessor methods to the object for getting and setting permissions of a particular key:
var widget = new Widget({ ... });
widget.setAccess('foo', ['a', 'b']);
widget.getAccess('foo'); // => ['a', 'b']
Or getting all keys with given permissions:
widget.keysWithAccess(['a']); // => ['foo']
There are also convenience methods added to the subject for getting and setting the permissions for a given object:
var user = ...;
user.setAccess(widget, ['read', 'write', 'delete']);
user.getAccess(widget); // => ['read', 'write', 'delete']
We can query for all objects to which a particular subject has access:
Widget.withAccess(user, ['read']).exec(function(err, widgets) {
...
});
We can specify the path in which the ACL will be stored (by default it will be available at _acl):
WidgetSchema.plugin(acl.object, {
path: '_acl'
});
Each subject is referred to in an ACL by a unique key (by default it is of the form subject:<subject _id>). This can be customized by specifying a key option:
UserSchema.plugin(acl.subject, {
key: function() {
return 'user:' + this._id;
}
});
We can also specify additional ACL keys to which a subject has access. For example, suppose a user optionally belongs to a number of roles:
UserSchema.plugin(acl.subject, {
additionalKeys: function() {
return this.roles.map(function(role) {
return 'role:' + role;
});
}
});
There is one special key referred to as the public key. If set, the associated permissions will apply to all subjects:
UserSchema.plugin(acl.subject, {
public: '*'
});
Combines subject and object so that a subject can determine if it has permissions on itself or another "subject". getAccess and setAccess methods on the subject are renamed as getSubjectAccess and setSubjectAccess, respectively. All other options/methods remain the same. Explicitly:
subject.getAccess --> hybrid.getSubjectAccess
subject.setAccess --> hybrid.setSubjectAccess
UserSchema.plugin(acl.hybrid);
var user = ...;
user.setAccess('*', ['read']);
user.setSubjectAccess(user, ['write', 'delete']);
npm install mongoose-acl
npm test
FAQs
Mongoose ACL
We found that mongoose-acl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.