casbin.js
v0.5.1
Published
[![NPM version](https://img.shields.io/npm/v/casbin.js)](https://www.npmjs.com/package/casbin.js) [![Continuous integration](https://github.com/casbin/casbin.js/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/casbin/casbin.js/action
Downloads
14,895
Readme
Casbin.js
Casbin.js is a frontend port of a backend Casbin service, which facilitates the manipulation, management and storage of the user permission in a frontend application.
Example
We demonstrate the usage of Casbin.js with a React app. View the code to see more details.
You can use manual
mode in Casbin.js, and set the permission whenever you wish.
const casbinjs = require('casbin.js');
// Set the user's permission:
// He/She can read 2 objects: data1 and data2
// Can write 1 objects: data1
const permission = {
"read": ['data1', 'data2'],
"write": ['data1']
}
// Run casbin.js in manual mode, which requires you to set the permission manually.
const authorizer = new casbinjs.Authorizer("manual");
authorizer.setPermission(permission);
authorizer.can("read", "data1").then(result => {
console.log(result)
})
authorizer.cannot("write", "data2").then(result => {
console.log(result)
});
You can also use the auto
mode. In details, specify a casbin backend service endpoint when initializing the Casbin.js authorizer, and set the subject when the frontend user identity changes. Casbin.js will automatically fetch the permission from the endpoint. (A pre-configurated casbin service API is required at the backend.)
const casbinjs = require('casbin.js');
// Set your backend casbin service url
const authorizer = new casbinjs.Authorizer('auto', {endpoint: 'http://Domain_name/casbin/api'});
// When the identity shifts, reset the user. Casbin.js will automatically fetch the permission from the endpoint.
await authorizer.setUser("Tom");
// Evaluate the permission
authorizer.can("read", "data1").then();
More functionalities of Casbin.js are still under development. Feel free to raise issues to share your features suggestions!
TODO MAP
- [x] Permission cache.
- [ ] Cookie mode.
- [ ] Lightweight enforcer (avoid the abuse of async functions).
- [ ] Integration with other modern frontend frameworks.