authorizedjs
A tool for authorization based on permits
Last updated 7 years ago by warszk.
License: MIT
$ cnpm install authorizedjs 

authorizedjs - simple authorization tool for node applications

Usage

It's very easy to use the tool with CoffeeScript.

Permits

Set up permits.

Auth = require 'authorizedjs'

class MyTestPermits extends Auth.Permits
    adminOnlyAction: (resource) ->
        @user.role is "admin"

    everyUserAction: (resource) ->
        @user.role is "user"

    resourceBasedAction: (resource) ->
        resource.user.id is @user.id

    validForEverybody: (resource) ->
        true

    secret: (resource) ->
        false

Now, in your route/controller, you can check for authorization:

1. Set up authorization:

auth = new Auth.Authorization({MyTest: MyTestPermits})


This is where you map your resources to permits. In this example,
`MyTest` is the name of your resource and `MyTestPermits` is the object where the permits for its actions are defined.

2. Check whether a user can perform an action (assuming that `currentUser` is the user you are going to check):

a) You can use a string as the resource name when you don't need to compare user rights against the resource:

if auth.check currentUser, 'MyTest', 'adminOnlyAction'
    # we're ok to go!
else
    # rights are not sufficient to see that resource!


It's also possible to use the class name for that:

class MyTest
    constructor: ->

if auth.check currentUser, MyTest, 'adminOnlyAction'
    # we're ok to go!
else
    # rights are not sufficient to see that resource!

You need to ensure that this resource returns its name with `resource.name`. In our case it should be:

console.log MyTest.name

'MyTest'


3. When a user can manage only his/her own resource, it's better to use the resource object:

class MyTest
    constructor: (@user) ->

myTestObject = new MyTest(someUser)

if auth.check currentUser, myTestObject, 'resourceBasedAction'
    # we're ok to go!
else
    # rights are not sufficient


It's very important that the resource returns its name with `resource.constructor.name`! In our case it should be:

console.log myTestObject.constructor.name

MyTest
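
The name lookup described above (a string, `resource.name`, or `resource.constructor.name`) decides which permits class is consulted, so a resource whose name does not match a key in the map has to end in a denial. The JavaScript below is an added example, not authorizedjs's own code: `resolveName`, `check`, `Renamed` and the sample users are hypothetical stand-ins that mimic the README's behaviour and fail closed on unknown names and actions.

```javascript
// Added example: a stand-in for the lookup the README describes,
// not authorizedjs's own code. All names below are hypothetical.

// string -> itself, class -> resource.name,
// instance -> resource.constructor.name
function resolveName(resource) {
  if (typeof resource === 'string') return resource;
  if (typeof resource === 'function') return resource.name;
  if (resource && resource.constructor) return resource.constructor.name;
  return undefined;
}

// Permits mirroring two actions of MyTestPermits from the README.
class MyTestPermits {
  constructor(user) { this.user = user; }
  adminOnlyAction() { return this.user.role === 'admin'; }
  resourceBasedAction(resource) { return resource.user.id === this.user.id; }
}

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Fail closed: an unmapped resource name, an undefined action, or an
// inherited property such as 'toString' all mean "denied".
function check(map, user, resource, action) {
  const name = resolveName(resource);
  if (typeof name !== 'string' || !hasOwn(map, name)) return false;
  const Permits = map[name];
  if (action === 'constructor' || !hasOwn(Permits.prototype, action)) return false;
  return new Permits(user)[action](resource) === true;
}

class MyTest { constructor(user) { this.user = user; } }
// Same shape, different name, as after minification or a refactor.
const Renamed = class a { constructor(user) { this.user = user; } };

const map = { MyTest: MyTestPermits };
const admin = { id: 1, role: 'admin' }; // constructed sample users
const alice = { id: 2, role: 'user' };

console.log(check(map, admin, 'MyTest', 'adminOnlyAction'));                // true
console.log(check(map, alice, new MyTest(alice), 'resourceBasedAction'));   // true
console.log(check(map, alice, new Renamed(alice), 'resourceBasedAction'));  // false
console.log(check(map, alice, { user: alice }, 'resourceBasedAction'));     // false
```

If the application is bundled with a minifier that renames classes, passing the resource name as a string keeps the lookup independent of `constructor.name`.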

Current Tags

  • 1.0.2                                ...           latest (7 years ago)

3 Versions

  • 1.0.2                                ...           7 years ago
  • 1.0.1                                ...           7 years ago
  • 1.0.0                                ...           7 years ago