
@xaamin/guardian

v0.2.4

Awesome ACL

Downloads

8

Authorization

Installation

Run one of the following commands:

    npm install @xaamin/guardian
    # or
    yarn add @xaamin/guardian

Introduction

Guardian is a simple way to authorize user actions against a given resource. There are two primary ways of authorizing actions: gates and policies.

Think of gates as simple ACL rules. Gates provide a simple, closure-based approach to authorization.

You can use Gate or Guardian; they are aliases and have the same features.

For Node.js (CommonJS), use the const { User } = require('@xaamin/guardian'); and module.exports = AuthorizedUser; syntax instead of import and export.

User interface (The contract)

You must create a base class that inherits from @xaamin/guardian/src/Support/User for the module to work. You only need to implement the getPermissions and getRoles methods and return the proper values from them.

    import { User } from '@xaamin/guardian';

    class AuthorizedUser extends User {
        getPermissions() {
            return this.permissions;
        }

        getRoles() {
            return this.roles;
        }
    }

    export default AuthorizedUser;

Setting a user for authorization

Create a class that inherits from @xaamin/guardian/src/Support/User, use the default User class, or use a plain object like the one in the example below, then pass it to the setUser method of the Guardian class.

    // Import the guardian gate and the default User class
    import { Guardian, User } from '@xaamin/guardian';

    // Or using your own implementation
    // import User from './AuthorizedUser';

    const LoggedInUser = new User({
        id: 2,
        name: 'Ben',
        email: '[email protected]',
        roles: [{
                group: 'Default',
                role: 'editor',
                name: 'Post editor'
            },{
                group: 'Default',
                role: 'audit',
                name: 'Log auditor'
        }],
        permissions: [{
            group: 'Default',
            permission: 'post.create',
            granted: true
        }, {
            group: 'Default',
            permission: 'post.delete',
            granted: false
        }]
    });

    // Or using a plain object, as long as it has permissions and roles
    // as properties of type array
    /*
    const LoggedInUser = {
        id: 2,
        name: 'Ben',
        email: '[email protected]',
        roles: [{
                group: 'Default',
                role: 'editor',
                name: 'Post editor'
            },{
                group: 'Default',
                role: 'audit',
                name: 'Log auditor'
        }],
        permissions: [{
            group: 'Default',
            permission: 'post.create',
            granted: true
        }, {
            group: 'Default',
            permission: 'post.delete',
            granted: false
        }]
    };
    */

    // Setting a user for authorization
    Guardian.setUser(LoggedInUser);

Gates

Writing Gates

Gates are Closures that determine if a user is authorized to perform a given action. Gates always receive a user instance as their first argument with all the power of ACL validation, and may optionally receive additional arguments such as a relevant model:

    import { Guardian } from '@xaamin/guardian';

    // Using the built-in ACL under user
    Guardian.define('post.update', (user, post) => {
        return user.is(['editor']) && post.created_by === user.id;
    });

    // Using some kind of logic
    Guardian.define('post.edit', (user, post) => {
        return user.is(['editor']) && post.created_by === user.id;
    });

Authorizing Actions

To authorize an action using gates, you should use the allows or denies methods. Note that you are not required to pass the currently authenticated user to these methods. The module will automatically take care of passing the user into the gate Closure:

    import { Gate } from '@xaamin/guardian';

    if (Gate.allows('post.update', post)) {
        // The current user can update the post...
    }

    if (Gate.denies('post.update', post)) {
        // The current user can't update the post...
    }

If you would like to determine if a particular user is authorized to perform an action, you may use the forUser method on the Gate facade:

    import { Gate } from '@xaamin/guardian';

    if (Gate.forUser(user).allows('post.update', post)) {
        // The user can update the post...
    }

    if (Gate.forUser(user).denies('post.update', post)) {
        // The user can't update the post...
    }

Intercepting Gate Checks

Sometimes, you may wish to grant all abilities to a specific user. You may use the before method to define a callback that is run before all other authorization checks:

    import { Gate } from '@xaamin/guardian';

    Gate.before(function (user, ability) {
        // Returning true here grants every ability to admins
        if (user.is('admin')) {
            return true;
        }
    });

If the before callback returns a non-null result, that result will be considered the result of the check.

You may use the after method to define a callback to be executed after every authorization check. However, you may not modify the result of the authorization check from an after callback:

    import { Gate } from '@xaamin/guardian';

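    // The last parameter is named args because `arguments` is not a valid
    // parameter name in ES module (strict mode) code
    Gate.after(function (user, ability, result, args) {
        // Runs after every check; it cannot change the result
    });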
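
A stand-alone model of the gate flow described above, added here as an example; it is not code from @xaamin/guardian, and `MiniGate`, `runDemo` and the `post.purge` ability are hypothetical. It goes slightly beyond the README by including an ability with no gate defined, which this sketch denies by assumption, to show that a `before` grant still applies to it while `after` callbacks only observe the result.

```javascript
// Hypothetical MiniGate: a model of the flow above, not @xaamin/guardian's code.
class MiniGate {
    constructor() {
        this.gates = new Map();
        this.hooks = { before: [], after: [] };
        this.user = null;
    }
    setUser(user) { this.user = user; }
    define(ability, check) { this.gates.set(ability, check); }
    before(hook) { this.hooks.before.push(hook); }
    after(hook) { this.hooks.after.push(hook); }
    denies(ability, ...args) { return !this.allows(ability, ...args); }
    allows(ability, ...args) {
        let result = null;
        for (const hook of this.hooks.before) {
            // A non-null verdict from a before hook decides the check outright.
            const verdict = hook(this.user, ability);
            if (verdict != null) { result = Boolean(verdict); break; }
        }
        if (result === null) {
            // Assumption of this sketch: an ability with no gate is denied.
            const check = this.gates.get(ability);
            result = check ? Boolean(check(this.user, ...args)) : false;
        }
        // After hooks observe the outcome; whatever they return is ignored.
        for (const hook of this.hooks.after) hook(this.user, ability, result, args);
        return result;
    }
}
// Constructed users and post; 'post.purge' is deliberately left undefined.
function runDemo() {
    const gate = new MiniGate();
    const auditLog = [];
    const hasRole = (user, role) => user.roles.some((r) => r.role === role);
    gate.define('post.update',
        (user, post) => hasRole(user, 'editor') && post.created_by === user.id);
    gate.before((user) => (hasRole(user, 'admin') ? true : null));
    gate.after((user, ability, result) => auditLog.push(`${user.id}:${ability}:${result}`));
    const post = { id: 10, created_by: 2 };
    gate.setUser({ id: 2, roles: [{ role: 'editor' }] });
    const owner = gate.allows('post.update', post);
    gate.setUser({ id: 3, roles: [{ role: 'editor' }] });
    const stranger = gate.allows('post.update', post);
    const unknown = gate.allows('post.purge', post);
    gate.setUser({ id: 1, roles: [{ role: 'admin' }] });
    const admin = gate.allows('post.purge', post);
    return { owner, stranger, unknown, admin, auditLog };
}
console.log(runDemo());
```

Because a `before` grant covers every ability, including ones added later, an `after` callback that records each decision is a natural place for audit logging.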