Access Control Lists made simple, for node.
- Role based authorization for node.js apps.
- Create roles and assign roles to users, assign users to multiple roles.
- Add custom role authorization handlers.
- Completely promise based API,
Permissioned is a role based authorization module, that helps in granular authorization of a user, based on roles. Create roles, assign users to the roles, decide what kind of resource the roles can access.
As of now, it uses mongodb as it's primary storage, future versions will include memory storage, and maybe even a SQL storage.
npm install --save permissioned
const Permissioned = require('permissioned');
const Bluebird = require('bluebird');
const acl = new Permissioned(Permissioned.mongoStorage({
url: 'mongodb://localhost/acl',
prefix: 'acl' // Collection prefx - eg: acl_users / acl_roles etc.
}));
let user = acl.user('uniqueUserId');
let adminRole = acl.role('Administrator');
Bluebird.all([user.add(), adminRole.add()]) // Save admin role & the user
.then(() => user.assign('Administrator')) // Assign the user to 'Administrator' role.
.then(() => adminRole.allow('MyResourceName', { read: true, update: true })) // Allow read / update access for the 'MyResourceName' resource
.then(() => acl.hasAccess('uniqueUserId', 'MyResourceName', 'read')) // Check if the 'uniqueUserId' has read access for the resource name 'MyResourceName'- It's still a WIP, a lot of tests need to be covered, will soon release a stable v1.0.0
- Need more tests.
- Complete API documentation