actions-authorization
v0.0.2
Published
Basic permission checks for api
Downloads
4
Readme
Action Authorizaiton
Import
const { authorize, arrayWrapper } = require('actions-authorization')
Example
const { authorize, arrayWrapper } = require('actions-authorization')
// permissions
const sameOrg = arrayWrapper((user, model) => {
if(model._modelOptions.name.plural === 'organisations') return user.organisationId === model.id
else return user.organisationId === model.organisationId
})
const isOwner = arrayWrapper((user, model) => user.id === model.userId)
const isMe = arrayWrapper((user, model) => user.id === model.id)
// Permission object
// true = all access
module.exports = authorize({
EVERYONE: {
organisations: ['create', 'view'],
campaigns: ['view', 'list'],
activties: ['view', 'list'],
actions: ['view', 'list', 'create'],
users: ['create']
},
ROOT: true,
ORG_ADMIN: sameOrg,
PARTICIPANT: {
users: isMe,
actions: isOwner,
}
})
Use in api
authorize(user, 'list', model.data)
Options for middle value includes: 'view' 'list' 'create' 'update' 'delete'