mongoose-acl
var mongoose = require('mongoose');
var acl = require('mongoose-acl');
var WidgetSchema = new mongoose.Schema({ ... });
WidgetSchema.plugin(acl.object);
var UserSchema = new mongoose.Schema({ ... });
UserSchema.plugin(acl.subject);
The plugin adds accessor methods to the object for getting and setting permissions of a particular key:
var widget = new Widget({ ... });
widget.setAccess('foo', ['a', 'b']);
widget.getAccess('foo'); // => ['a', 'b']
Or getting all keys with given permissions:
widget.keysWithAccess(['a']); // => ['foo']
There are also convenience methods added to the subject for getting and setting the permissions for a given object:
var user = ...;
user.setAccess(widget, ['read', 'write', 'delete']);
user.getAccess(widget); // => ['read', 'write', 'delete']
We can query for all objects to which a particular subject has access:
Widget.withAccess(user, ['read']).exec(function(err, widgets) {
  ...
});
We can specify the path in which the ACL will be stored (by default it will be available at _acl):
WidgetSchema.plugin(acl.object, {
  path: '_acl'
});
Each subject is referred to in an ACL by a unique key (by default it is of the form subject:<subject _id>). This can be customized by specifying a key option:
UserSchema.plugin(acl.subject, {
  key: function() {
    return 'user:' + this._id;
  }
});
We can also specify additional ACL keys to which a subject has access. For example, suppose a user optionally belongs to a number of roles:
UserSchema.plugin(acl.subject, {
  additionalKeys: function() {
    return this.roles.map(function(role) {
      return 'role:' + role;
    });
  }
});
There is one special key referred to as the public key. If set, the associated permissions will apply to all subjects:
UserSchema.plugin(acl.subject, {
  public: '*'
});
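The key scheme above (a per-subject key, additional role keys, and the public key) determines which ACL entries apply to a subject. The following is an added example, not code from the mongoose-acl README or source: it models the _acl map with plain objects, assumes a subject's effective permissions are the union over all of its keys, and uses hypothetical helper names (accessKeys, effectiveAccess, publicGrants). It also lists which objects grant permissions to every subject through the public key, which is worth reviewing whenever that option is enabled.

```javascript
// Plain-JS model of the ACL layout described above (no mongoose required).
// Helper names are hypothetical; sample data is constructed.
var PUBLIC_KEY = '*'; // same value as the `public` option shown above

// Keys a subject is known by: its own key, one key per role, then the public key.
function accessKeys(user) {
  var keys = ['user:' + user._id];
  (user.roles || []).forEach(function (role) { keys.push('role:' + role); });
  keys.push(PUBLIC_KEY);
  return keys;
}

// Assumption: effective permissions are the union over all of the subject's keys.
function effectiveAccess(user, object) {
  var acl = object._acl || {};
  var perms = [];
  accessKeys(user).forEach(function (key) {
    (acl[key] || []).forEach(function (p) {
      if (perms.indexOf(p) === -1) perms.push(p);
    });
  });
  return perms;
}

// Audit helper: permissions that every subject receives through the public key.
function publicGrants(objects) {
  return objects
    .filter(function (o) { return o._acl && (o._acl[PUBLIC_KEY] || []).length > 0; })
    .map(function (o) { return { id: o._id, perms: o._acl[PUBLIC_KEY].slice() }; });
}

// Constructed sample objects and subjects
var widgets = [
  { _id: 'w1', _acl: { 'user:u1': ['read', 'write'], 'role:admin': ['delete'] } },
  { _id: 'w2', _acl: { '*': ['read'], 'role:admin': ['write'] } },
  { _id: 'w3', _acl: {} }
];
var alice = { _id: 'u1', roles: ['admin'] };
var guest = { _id: 'u9', roles: [] };

console.log(effectiveAccess(alice, widgets[0])); // own key plus role key
console.log(effectiveAccess(guest, widgets[1])); // public key only
console.log(publicGrants(widgets));              // objects open to all subjects
```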
The hybrid plugin combines subject and object so that a subject can determine if it has permissions on itself or another "subject". The getAccess and setAccess methods on the subject are renamed as getSubjectAccess and setSubjectAccess, respectively. All other options/methods remain the same. Explicitly:
subject.getAccess --> hybrid.getSubjectAccess
subject.setAccess --> hybrid.setSubjectAccess
UserSchema.plugin(acl.hybrid);
var user = ...;
user.setAccess('*', ['read']);
user.setSubjectAccess(user, ['write', 'delete']);
npm install mongoose-acl
npm test
FAQs
Mongoose ACL
The npm package mongoose-acl receives a total of 0 weekly downloads. As such, mongoose-acl's popularity was classified as not popular.
We found that mongoose-acl demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.