authorizedjs
v1.0.2
A tool for authorization based on permits
authorizedjs - simple authorization tool for node applications
Usage
It's very easy to use the tool with CoffeeScript.
Permits
Set up permits.
```coffee
Auth = require 'authorizedjs'

class MyTestPermits extends Auth.Permits
  adminOnlyAction: (resource) ->
    @user.role is "admin"

  everyUserAction: (resource) ->
    @user.role is "user"

  resourceBasedAction: (resource) ->
    resource.user.id is @user.id

  validForEverybody: (resource) ->
    true

  secret: (resource) ->
    false
```
Now in your route/controller you can check for authorization:
1. Set up authorization:

```coffee
auth = new Auth.Authorization({MyTest: MyTestPermits})
```

This is where you map your resources to permits. In this example `MyTest` is the name of your resource and `MyTestPermits` is the object where the permits for its actions are defined.
2. Check if a user can perform an action (assuming that `currentUser` is the user you are going to check):
a). You can use a string as the resource name when you don't need to compare user rights against the resource:

```coffee
if auth.check currentUser, 'MyTest', 'adminOnlyAction'
  # we're ok to go!
else
  # rights are not sufficient to see that resource!
```

It's also possible to use the class name for that:

```coffee
class MyTest
  constructor: ->

if auth.check currentUser, MyTest, 'adminOnlyAction'
  # we're ok to go!
else
  # rights are not sufficient to see that resource!
```

You need to ensure that this resource returns its name with `resource.name`. In our case it should be:

```coffee
console.log MyTest.name
# 'MyTest'
```
b). When a user can manage only his/her own resource, it's better to use the resource object:

```coffee
class MyTest
  constructor: (@user) ->

myTestObject = new MyTest(someUser)

if auth.check currentUser, myTestObject, 'resourceBasedAction'
  # we're ok to go!
else
  # rights are not sufficient
```

It's very important that the resource returns its name with `resource.constructor.name`! In our case it should be:

```coffee
console.log myTestObject.constructor.name
# MyTest
```
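
The lookup by `resource.name` / `resource.constructor.name` described above, modelled in plain JavaScript as an added example. It is a stand-in written for this page, not authorizedjs's own code: the `Permits` base class, `resourceName`, `check`, `Renamed` and the deny-when-unresolved behaviour are assumptions of the sketch.

```javascript
// Stand-in for the name-based permit lookup described above; NOT authorizedjs code.
class Permits { // hypothetical base class: holds the user being checked
  constructor(user) { this.user = user; }
}
class MyTestPermits extends Permits {
  adminOnlyAction() { return this.user.role === "admin"; }
  resourceBasedAction(resource) { return resource.user.id === this.user.id; }
}

// Permit key as the README describes it: a string is used as-is, a class gives
// resource.name, an object gives resource.constructor.name.
function resourceName(resource) {
  if (typeof resource === "string") return resource;
  if (typeof resource === "function") return resource.name;
  if (resource !== null && typeof resource === "object") return resource.constructor?.name;
  return undefined;
}

// Assumption of this sketch: whatever cannot be resolved is denied.
function check(permitsMap, user, resource, action) {
  const name = resourceName(resource);
  if (!name || !Object.prototype.hasOwnProperty.call(permitsMap, name)) return false;
  const proto = permitsMap[name].prototype;
  // Accept only actions defined on the permits class itself, never inherited
  // members such as "toString", and never the constructor.
  if (action === "constructor" || !Object.prototype.hasOwnProperty.call(proto, action)) return false;
  return new permitsMap[name](user)[action](resource) === true;
}

class MyTest { constructor(user) { this.user = user; } }
// Same class shape under a different name, as a renaming build step could produce.
const Renamed = class X { constructor(user) { this.user = user; } };

const permitsMap = { MyTest: MyTestPermits };
const admin = { id: 1, role: "admin" }; // constructed sample users
const alice = { id: 2, role: "user" };

function demo() {
  return {
    byString: check(permitsMap, admin, "MyTest", "adminOnlyAction"),
    byClass: check(permitsMap, alice, MyTest, "adminOnlyAction"),
    ownObject: check(permitsMap, alice, new MyTest(alice), "resourceBasedAction"),
    otherObject: check(permitsMap, alice, new MyTest(admin), "resourceBasedAction"),
    renamedClass: check(permitsMap, admin, Renamed, "adminOnlyAction"),
    unknownAction: check(permitsMap, admin, "MyTest", "toString"),
  };
}
console.log(demo());
```

The `renamedClass` case shows why the name check matters: a class whose `name` no longer matches the key in the permits map resolves to no permits at all.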