
role-acl


role-acl - npm Package Compare versions

Comparing version

to
0.3.0

70

lib/core/Access.d.ts

@@ -59,2 +59,50 @@ import { IAccessInfo } from '../core';

/**
* Sets the resource and possession to `"any"` and commits the
* current access instance to the underlying grant model.
*
* @param {String|Array<String>} [resource]
* Defines the target resource this access is granted or denied for.
* This is only optional if the resource is previously defined.
* If not defined and omitted, this will throw.
* @param {String|Array<String>} [attributes]
* Defines the resource attributes for which the access is granted
* for. If granted before via `.grant()`, this will default
* to `["*"]` (which means all attributes allowed.)
*
* @throws {AccessControlError}
* If the access instance to be committed has any invalid
* data.
*
* @returns {Access}
* Self instance of `Access` so that you can chain and define
* another access instance to be committed.
*/
onAny(resource: string | string[], attributes?: string | string[]): Access;
/**
* Sets the resource and possession to `"own"` and commits the
* current access instance to the underlying grant model.
*
* @param {String|Array<String>} [resource]
* Defines the target resource this access is granted or denied for.
* This is only optional if the resource is previously defined.
* If not defined and omitted, this will throw.
* @param {String|Array<String>} [attributes]
* Defines the resource attributes for which the access is granted
* for. If granted before via `.grant()`, this will default
* to `["*"]` (which means all attributes allowed.)
*
* @throws {AccessControlError}
* If the access instance to be committed has any invalid
* data.
*
* @returns {Access}
* Self instance of `Access` so that you can chain and define
* another access instance to be committed.
*/
onOwn(resource: string | string[], attributes?: string | string[]): Access;
/**
* Alias of `onAny`
*/
on(resource: string | string[], attributes?: string | string[]): Access;
/**
* Sets the array of allowed attributes for this `Access` instance.

@@ -116,2 +164,24 @@ * @param {String|Array<String>} value

/**
* Sets the action.
*
* @param {String} action
* Defines the action this access is granted for.
*
* @returns {Access}
* Self instance of `Access` so that you can chain and define
* another access instance to be committed.
*/
execute(action: string): Access;
/**
* Sets the condition for access.
*
* @param {String} condition
* Defines the action this access is granted for.
*
* @returns {Access}
* Self instance of `Access` so that you can chain and define
* another access instance to be committed.
*/
when(condtion: ICondition): Access;
/**
* Sets the action to `"create"` and possession to `"own"` and commits the

@@ -118,0 +188,0 @@ * current access instance to the underlying grant model.
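Review bot: The doc block for `when` was copied from `execute` and no longer matches the declaration: it documents `@param {String} condition` as "Defines the action this access is granted for", while the signature takes an `ICondition` and misspells the parameter as `condtion`. Because this method decides when a grant applies, I would write `@param {ICondition} condition` with the text "Defines the condition under which this access is granted" and declare `when(condition: ICondition): Access;`. The hunk header shows only `IAccessInfo` imported from `'../core'`; whether `ICondition` is brought into scope elsewhere in the file is not visible here and should be confirmed. The `onAny`/`onOwn`/`on` doc blocks also mark `[resource]` as optional although the signatures require it.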

@@ -77,2 +77,56 @@ "use strict";

/**
* Sets the resource and possession to `"any"` and commits the
* current access instance to the underlying grant model.
*
* @param {String|Array<String>} [resource]
* Defines the target resource this access is granted or denied for.
* This is only optional if the resource is previously defined.
* If not defined and omitted, this will throw.
* @param {String|Array<String>} [attributes]
* Defines the resource attributes for which the access is granted
* for. If granted before via `.grant()`, this will default
* to `["*"]` (which means all attributes allowed.)
*
* @throws {AccessControlError}
* If the access instance to be committed has any invalid
* data.
*
* @returns {Access}
* Self instance of `Access` so that you can chain and define
* another access instance to be committed.
*/
Access.prototype.onAny = function (resource, attributes) {
return this._prepareAndCommit(this._.action, enums_1.Possession.ANY, resource, attributes);
};
/**
* Sets the resource and possession to `"own"` and commits the
* current access instance to the underlying grant model.
*
* @param {String|Array<String>} [resource]
* Defines the target resource this access is granted or denied for.
* This is only optional if the resource is previously defined.
* If not defined and omitted, this will throw.
* @param {String|Array<String>} [attributes]
* Defines the resource attributes for which the access is granted
* for. If granted before via `.grant()`, this will default
* to `["*"]` (which means all attributes allowed.)
*
* @throws {AccessControlError}
* If the access instance to be committed has any invalid
* data.
*
* @returns {Access}
* Self instance of `Access` so that you can chain and define
* another access instance to be committed.
*/
Access.prototype.onOwn = function (resource, attributes) {
return this._prepareAndCommit(this._.action, enums_1.Possession.OWN, resource, attributes);
};
/**
* Alias of `onAny`
*/
Access.prototype.on = function (resource, attributes) {
return this.onAny(resource, attributes);
};
/**
* Sets the array of allowed attributes for this `Access` instance.

@@ -147,2 +201,30 @@ * @param {String|Array<String>} value

/**
* Sets the action.
*
* @param {String} action
* Defines the action this access is granted for.
*
* @returns {Access}
* Self instance of `Access` so that you can chain and define
* another access instance to be committed.
*/
Access.prototype.execute = function (action) {
this._.action = action;
return this;
};
/**
* Sets the condition for access.
*
* @param {String} condition
* Defines the action this access is granted for.
*
* @returns {Access}
* Self instance of `Access` so that you can chain and define
* another access instance to be committed.
*/
Access.prototype.when = function (condtion) {
this._.condition = condtion;
return this;
};
/**
* Sets the action to `"create"` and possession to `"own"` and commits the

@@ -149,0 +231,0 @@ * current access instance to the underlying grant model.
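Review bot: `Access.prototype.when` stores whatever it receives (`this._.condition = condtion;`), so a call like `.when(cond)` where `cond` is accidentally `undefined` leaves the grant with no condition. If the commit path treats a missing condition as unconditional (that code is outside these hunks, so this needs confirming), the grant silently becomes broader than the caller intended. I would have `when` reject `null`/`undefined` by throwing the library's `AccessControlError` before assigning. The `on` comment could also state the possession it commits with, for example `* Alias of onAny (possession "any"); use onOwn to limit the grant to own resources.`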

61

lib/core/Query.d.ts

@@ -53,10 +53,59 @@ import { IQueryInfo, Permission } from '../core';

/**
* A chainer method that sets the context for this `Query` instance.
* @param {String} context
* Target context for this `Query` instance.
* @returns {Query}
* Self instance of `Query`.
*/
* Queries the underlying grant model and checks whether the current
* role(s) can execute "action" on any instance of "resource".
*
* @param {String} [resource]
* Defines the target resource to be checked.
* This is only optional if the target resource is previously
* defined. If not defined and omitted, this will throw.
*
* @throws {Error} If the access query instance to be committed has any
* invalid data.
*
* @returns {Permission}
* An object that defines whether the permission is granted; and
* the resource attributes that the permission is granted for.
*/
onAny(resource: string): Permission;
/**
* Queries the underlying grant model and checks whether the current
* role(s) can execute "action" on own instance of "resource".
*
* @param {String} [resource]
* Defines the target resource to be checked.
* This is only optional if the target resource is previously
* defined. If not defined and omitted, this will throw.
*
* @throws {Error} If the access query instance to be committed has any
* invalid data.
*
* @returns {Permission}
* An object that defines whether the permission is granted; and
* the resource attributes that the permission is granted for.
*/
onOwn(resource: string): Permission;
/**
* Alias of `onAny`
*/
on(resource: string): Permission;
/**
* A chainer method that sets the context for this `Query` instance.
* @param {String} context
* Target context for this `Query` instance.
* @returns {Query}
* Self instance of `Query`.
*/
context(context: any): Query;
/**
* Alias of `context`
*/
with(context: any): Query;
/**
* A chainer method that sets the action for this `Query` instance.
*
* @param {String} action
* Action that we are check if role has access or not
*/
execute(action: string): Query;
/**
* Queries the underlying grant model and checks whether the current

@@ -63,0 +112,0 @@ * role(s) can "create" their "own" resource.
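Review bot: `context(context: any)` and the alias `with(context: any)` accept the value that grant conditions are evaluated against, yet it is typed `any` and documented as `@param {String} context`, while the README example in this same release passes an object (`{category: 'sports'}`). With `any`, a caller who passes the wrong shape gets no compile-time signal on an input that drives the authorization result. I would declare it as `context(context: Record<string, unknown>): Query;` (same for `with`) or a named interface, and correct the JSDoc to match. The `execute` doc block also lacks the `@returns {Query}` line its sibling chainers have.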

@@ -72,8 +72,52 @@ "use strict";

/**
* A chainer method that sets the context for this `Query` instance.
* @param {String} context
* Target context for this `Query` instance.
* @returns {Query}
* Self instance of `Query`.
*/
* Queries the underlying grant model and checks whether the current
* role(s) can execute "action" on any instance of "resource".
*
* @param {String} [resource]
* Defines the target resource to be checked.
* This is only optional if the target resource is previously
* defined. If not defined and omitted, this will throw.
*
* @throws {Error} If the access query instance to be committed has any
* invalid data.
*
* @returns {Permission}
* An object that defines whether the permission is granted; and
* the resource attributes that the permission is granted for.
*/
Query.prototype.onAny = function (resource) {
return this._getPermission(this._.action, enums_1.Possession.ANY, resource);
};
/**
* Queries the underlying grant model and checks whether the current
* role(s) can execute "action" on own instance of "resource".
*
* @param {String} [resource]
* Defines the target resource to be checked.
* This is only optional if the target resource is previously
* defined. If not defined and omitted, this will throw.
*
* @throws {Error} If the access query instance to be committed has any
* invalid data.
*
* @returns {Permission}
* An object that defines whether the permission is granted; and
* the resource attributes that the permission is granted for.
*/
Query.prototype.onOwn = function (resource) {
return this._getPermission(this._.action, enums_1.Possession.OWN, resource);
};
/**
* Alias of `onAny`
*/
Query.prototype.on = function (resource) {
return this.onAny(resource);
};
/**
* A chainer method that sets the context for this `Query` instance.
* @param {String} context
* Target context for this `Query` instance.
* @returns {Query}
* Self instance of `Query`.
*/
Query.prototype.context = function (context) {

@@ -84,2 +128,18 @@ this._.context = context;

/**
* Alias of `context`
*/
Query.prototype.with = function (context) {
return this.context(context);
};
/**
* A chainer method that sets the action for this `Query` instance.
*
* @param {String} action
* Action that we are check if role has access or not
*/
Query.prototype.execute = function (action) {
this._.action = action;
return this;
};
/**
* Queries the underlying grant model and checks whether the current

@@ -86,0 +146,0 @@ * role(s) can "create" their "own" resource.

7

lib/utils.js

@@ -88,5 +88,6 @@ "use strict";

var s = info.action.split(':');
if (enums_1.actions.indexOf(s[0].trim().toLowerCase()) < 0) {
throw new core_1.AccessControlError("Invalid action: " + s[0]);
}
/*
if (actions.indexOf(s[0].trim().toLowerCase()) < 0) {
throw new AccessControlError(`Invalid action: ${s[0]}`);
}*/
info.action = s[0].trim().toLowerCase();

@@ -93,0 +94,0 @@ // validate and normalize possession
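Review bot: Commenting out the allow-list check leaves `info.action` with no validation at all: after `split(':')` an empty or whitespace-only value normalises to `''` and is stored as the action, and a misspelled action in a grant is recorded silently instead of being rejected. Custom actions do require dropping the fixed list, but a minimal guard is still worth keeping, e.g. `if (!s[0].trim()) { throw new core_1.AccessControlError("Invalid action: " + s[0]); }`. The dead `/* … */` block, which looks like the TypeScript source pasted into the compiled output, should be deleted rather than shipped. The enclosing function starts and ends outside this hunk, so any earlier type check on `info.action` is not visible here.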

{
"name": "role-acl",
"version": "0.2.0",
"version": "0.3.0",
"description": "Role, Attribute and Condition based Access Control for Node.js",

@@ -5,0 +5,0 @@ "main": "./index.js",

@@ -153,2 +153,32 @@ Role, Attribute and conditions based Access Control for Node.js

### Custom Actions
Along with CRUD actions we can define custom actions.
```js
ac.grant('editor').execute('publish').on('article');
let permission = ac.can('editor').execute('publish').on('article');
console(permission.attributes); // —> ['*'] (all attributes)
console(permission.granted); // -> true
ac.grant('sports/editor').execute('publish').when({Fn: 'EQUALS', args: {category: 'sports'}}).on('article');
permission = ac.can('sports/editor').execute('publish').with({category: 'sports'}).on('article');
console(permission.attributes); // —> ['*'] (all attributes)
console(permission.granted); // -> true
permission = ac.can('sports/editor').execute('publish').with({category: 'politics'})).on('article');
console(permission.attributes).toEqual([]);
console(permission.granted).toEqual(false);
ac.grant({
role: 'politics/editor',
action: 'publish',
resource: 'article',
condition: {Fn: 'EQUALS', args: {category: 'politics'}},
attributes: attrs
});
permission = ac.can('politics/editor').execute('publish').with({category: 'politics'}).on('article');
console(permission.attributes).toEqual(attrs);
console(permission.granted).toEqual(true);
```
### Resources and Resource-Attributes

@@ -155,0 +185,0 @@