accesscontrol-middleware
v1.0.3
Published
> config your express routes to have role and attribute based access control.
Downloads
13,408
Readme
accesscontrol-middleware
config your express routes to have role and attribute based access control.
This middleware helps to config express routes to check permission granted with accesscontol.
Installing / Getting started
Install via npm
npm install accesscontrol-middleware --save
Now define roles and grants via accesscontol.
const ac = new AccessControl();
ac.grant('user') // define new or modify existing role. also takes an array.
.createOwn('profile') // equivalent to .createOwn('profile', ['*'])
.deleteOwn('profile')
.readAny('profile')
.grant('admin') // switch to another role without breaking the chain
.extend('user') // inherit role capabilities. also takes an array
.updateAny('profile')
.deleteAny('profile');
Initialize AccessControlMiddleware
const AccessControlMiddleware = require('accesscontrol-middleware');
const accessControlMiddleware = new AccessControlMiddleware(ac);
config any express route
route.put('/profile/:userId',
accessControlMiddleware.check({
resource : 'profile',
action : 'update',
checkOwnerShip : true, // optional if false or not provided will check any permission of action
operands : [
{ source : 'user', key : '_id' }, // means req.user._id (use to check ownership)
{ source : 'params', key : 'userId' } // means req.params.userId (use to check ownership)
]
}),
controller.updateProfile);
Tests
npm test