access-policy
v3.1.0
Published
Encodes and decodes policy JSON files for use with web applications.
Downloads
313
Readme
Access Policy Encoder/Parser
Statements Format
{
"statements": [ //Array
{
"effect": "deny", // String
"action": "*", // String or Array
"resource": [ // String or Array
"/user/${user.id}/*"
],
"condition": { // Object
"equals": { // Object
"key": "value"
}
},
"restiction": {
"equals": { // Object
"key": "value"
}
}
}
]
}
Statement
- effect: (Optional) Access to a resource is always denied if there are no matches in a statement. If you need to countermand a more "general" allowed statement with a specific rule, you would use
deny
. - action: The HTTP action (
GET
,POST
,PUT
,DELETE
) - resource: The URL that is being accessed
- condition: (Optional) A condition for accessing the resource. NOT YET IMPLEMENTED
- restriction: (Otional) Restrictions to the data that can be accessed from a resource. While it's entirely possible to access a resource it can be possible to limit that data that is available from it.
Encoding
Encoding a statement happens at run time (if the provided statement hasn't already been encoded) and evaluated against data provided.
Template Format
When encoding a policy variables are provided via template literal style strings.
{
"key": "${value}"
}
Parsing
Accepted Data
The following object is what the parser expects to recieve.
{
Action: 'GET',
Resource: 'user/12345',
property: 'value',
property2: {
key: 'value',
key2: 'value'
}
}
Required
The following properties are required for validation:
- Method: The http method for the request (
GET
,POST
,PUT
,DELETE
) - Resource: The
pathname
of the requesting URL
Optional
Beyond the required properties you can inlude arbitrary properties that can be nested and accessed during encoding.
// Template
{
"statements": [
{
"effect": "deny",
"action": "*",
"resource": [
"/user/${user.id}/*"
],
"restiction": {
"equals": {
"account_id": "${accountId}"
}
}
}
]
}
// Data
{
Action: "GET",
Resource: "/user/1234",
accountId: "5678"
}