datumo-scopes
v0.1.0
Published
Authorize data access on Datumo models using scopes
Downloads
1
Maintainers
Readme
datumo-scopes
datumo-scopes is an opinionated library that helps you control access to data on Datumo models on a per-property basis using scopes.
What is datumo-scopes?
Documentation
Example Usage
Datumo requires Node.js 4.0 or later.
$ npm install --save datumo-scopes datumo
let Datumo = require('datumo')
let DatumoScopes = require('datumo-scopes')
class Person extends Datumo.Model {
static get schema () {
return {
id: { type: 'integer', minimum: 0, required: true },
givenName: { type: 'string', required: true },
middleName: { type: 'string' },
familyName: { type: 'string', required: true },
email: { type: 'string', format: 'email' }
}
}
static get propertySets () {
return {
name: ['givenName', 'middleName', 'familyName'],
email: ['email']
}
}
static getByID (id) {
// ...
}
}
let personScopes = new DatumoScopes(Person)
// ...
server.get('/person/:id', (req, res, next) => {
Person.getByID(req.params.id).then(person => {
let filteredPerson = personScopes.filter(person, req.user.scopes)
res.send(filteredPerson)
}).catch(err => next(err))
})
// Data:
// {
// id: 12345,
// givenName: 'Amanda',
// familyName: 'Bryson',
// email: '[email protected]'
// }
// Request:
// req.user.scopes === ['Person-read-name']
// GET /person/12345
// Response:
// {
// givenName: 'Amanda',
// familyName: 'Bryson'
// }
License
MIT