vue-permission-directive
Advanced tools
A flexible Vue 3 directive for managing user permissions with support for AND, OR, regex, and pattern-based checks.
Vue directive for controlling element visibility based on user permissions.
Supports dynamic permission checks, customizable strategies, Nuxt, and Pinia.
npm install vue-permission-directive
# or
yarn add vue-permission-directive
import { createApp } from "vue";
import App from "./App.vue";
import vPermission, {
configurePermissionDirective,
} from "vue-permission-directive";
const app = createApp(App);
configurePermissionDirective({
getUserPermissions: () => ["view_dashboard", "edit_profile"],
});
app.directive("permission", vPermission);
app.mount("#app");
<!-- Will be shown only if user has 'view_dashboard' permission -->
<button v-permission="'view_dashboard'">Dashboard</button>
<!-- Will be shown if user has ANY of the listed permissions -->
<button v-permission="['edit_user', 'delete_user']">Manage User</button>
If user permissions change during runtime, call:
import { clearPermissionCache } from "vue-permission-directive";
clearPermissionCache();
configurePermissionDirective({
getUserPermissions: async () => {
const user = await fetchUser();
return user.permissions;
},
strategy: "some", // or 'every' for AND logic
fallback: "hide", // or 'disable'
});
Enable logging to debug permission checks:
import { setDevelopmentMode } from "vue-permission-directive";
setDevelopmentMode(true);
configurePermissionDirective({
strategyFn: (required, userPermissions) => {
return (
userPermissions.includes("super_admin") ||
required.some((p) => userPermissions.includes(p))
);
},
});
The directive supports multiple permission formats for flexible permission checking:
<!-- Single permission -->
<button v-permission="'user.read'">View Users</button>
<!-- Wildcard permission (allows everything) -->
<button v-permission="'*'">Super Admin Action</button>
<!-- User needs ANY of these permissions -->
<button v-permission="['user.edit', 'user.delete', 'admin.manage']">
Manage Users
</button>
For advanced permission logic, use objects with different modes:
<!-- AND Logic: User needs ALL permissions -->
<button
v-permission="{ permissions: ['user.read', 'user.write'], mode: 'and' }"
>
Full User Access
</button>
<!-- OR Logic: User needs ANY permission -->
<button
v-permission="{ permissions: ['admin.dashboard', 'user.manage'], mode: 'or' }"
>
Admin Panel
</button>
<!-- StartWith Logic: Check if user has permissions starting with pattern -->
<button
v-permission="{ permissions: ['admin', 'moderator'], mode: 'startWith' }"
>
Staff Only
</button>
<!-- EndWith Logic: Check if user has permissions ending with pattern -->
<button v-permission="{ permissions: ['.write', '.delete'], mode: 'endWith' }">
Edit Actions
</button>
<!-- Exact Match: Same as 'or' but more explicit -->
<button v-permission="{ permissions: ['posts.publish'], mode: 'exact' }">
Publish Post
</button>
<!-- Regex Logic: Use regex patterns to match permissions -->
<button
v-permission="{ permissions: ['user\\.(read|write|edit)'], mode: 'regex' }"
>
User Operations
</button>
<!-- Combine strings and objects for complex logic -->
<button
v-permission="[
'super_admin',
{ permissions: ['user.read', 'posts.read'], mode: 'and' },
]"
>
Advanced Access
</button>
| Mode | Description | Example |
|---|---|---|
and | ALL permissions must be satisfied | User needs both user.read AND user.write |
or | ANY permission must be satisfied | User needs admin.dashboard OR user.manage |
startWith | Any user permission starts with the pattern | User permission admin.users.read matches pattern admin |
endWith | Any user permission ends with the pattern | User permission posts.create matches pattern .create |
exact | Exact match (same as basic string check) | User permission must be exactly posts.publish |
regex | Regular expression matching | User permission matches regex pattern user\.(read|write) |
Inside plugins/v-permission.client.ts:
import { defineNuxtPlugin } from "#app";
import vPermission, {
configurePermissionDirective,
} from "vue-permission-directive";
export default defineNuxtPlugin((nuxtApp) => {
configurePermissionDirective({
getUserPermissions: () => useAuthStore().permissions,
});
nuxtApp.vueApp.directive("permission", vPermission);
});
import { useAuthStore } from "@/stores/auth";
configurePermissionDirective({
getUserPermissions: () => useAuthStore().permissions,
});
<!-- Default: Remove element from DOM when permission denied -->
<button v-permission="'admin.access'">Admin Panel</button>
<!-- Show modifier: Hide element but keep in DOM -->
<button v-permission:show="'user.profile'">Edit Profile</button>
<!-- Once modifier: Check permission only once (no reactive updates) -->
<button v-permission.once="'static.permission'">Static Action</button>
<!-- Lazy modifier: Don't watch for permission changes -->
<button v-permission.lazy="'user.read'">User List</button>
You can also check permissions programmatically in your components:
import { hasPermission } from "vue-permission-directive";
export default {
async mounted() {
// Check single permission
const canEdit = await hasPermission("user.edit");
// Check multiple permissions (OR logic)
const canManage = await hasPermission(["user.edit", "user.delete"]);
// Check with advanced logic
const hasAdvancedAccess = await hasPermission({
permissions: ["admin.read", "admin.write"],
mode: "and",
});
if (canEdit) {
this.showEditButton = true;
}
},
};
v-permission="string | string[] | PermissionObject | (string | PermissionObject)[]"Required permission(s) to display the element.
configurePermissionDirective(permissions, options?)| Parameter | Type | Description |
|---|---|---|
permissions | string[] | Ref<string[]> | Array of user permissions or reactive reference |
options.developmentMode | boolean | Enable debug logging (default: false) |
hasPermission(permission) - Check if user has specific permission(s)setDevelopmentMode(enabled) - Enable/disable debug loggingclearPermissionCache() - Clear cached permissions for dynamic updatesinitPermissionDirectiveIfNeeded() - Initialize permissions from localStorageexport type PermissionMode =
| "and"
| "or"
| "startWith"
| "endWith"
| "exact"
| "regex";
export interface PermissionObject {
permissions: string[];
mode: PermissionMode;
}
export type PermissionValue =
| string
| string[]
| PermissionObject
| (string | PermissionObject)[];
// β
Good: Use hierarchical naming
"user.read";
"user.write";
"user.delete";
"admin.dashboard.view";
"posts.create";
"posts.edit.own";
// β Avoid: Flat or unclear naming
"read";
"edit";
"access";
<!-- β
Use 'and' when user needs multiple permissions -->
<button
v-permission="{ permissions: ['user.read', 'user.write'], mode: 'and' }"
>
Full Access
</button>
<!-- β
Use 'startWith' for hierarchical permissions -->
<div v-permission="{ permissions: ['admin'], mode: 'startWith' }">
Admin Section
</div>
<!-- β
Use regex for complex patterns -->
<button
v-permission="{
permissions: ['posts\\.(create|edit|delete)'],
mode: 'regex',
}"
>
Manage Posts
</button>
// router/index.ts
router.beforeEach(async (to, from, next) => {
const requiredPermission = to.meta.permission;
if (requiredPermission && !(await hasPermission(requiredPermission))) {
next("/403");
} else {
next();
}
});
// When user permissions change (login, role update, etc.)
const updateUserPermissions = async () => {
// Update permissions in your store
authStore.permissions = await fetchUserPermissions();
// Clear cache to trigger re-evaluation
clearPermissionCache();
};
Enable development mode to see detailed permission check logs:
import { setDevelopmentMode } from "vue-permission-directive";
setDevelopmentMode(true);
// Now you'll see logs like:
// [v-permission] Checking permission: user.read
// [v-permission] User permissions: ['user.read', 'user.write']
// [v-permission] Permission granted: true
Test different permission scenarios:
import { testPermissions } from "vue-permission-directive";
// Run comprehensive tests
await testPermissions();
.once modifier for static permissions that don't change.lazy modifier to disable reactive updatesWe welcome contributions! Please read our contributing guidelines before submitting PRs.
MIT Β© Kerolos
FAQs
A flexible Vue 3 directive for managing user permissions with support for AND, OR, regex, and pattern-based checks.
The npm package vue-permission-directive receives a total of 23 weekly downloads. As such, vue-permission-directive popularity was classified as not popular.
We found that vue-permission-directive demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Socket detected malicious node-ipc versions with obfuscated stealer/backdoor behavior in a developing npm supply chain attack.
Security News
TeamPCP and BreachForums are promoting a Shai-Hulud supply chain attack contest with a $1,000 prize for the biggest package compromise.
Security News
Packagist urges PHP projects to update Composer after a GitHub token format change exposed some GitHub Actions tokens in CI logs.