npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

permissionary

v0.1.1

Published

Tiny and framework-agnostic role-based permission management using composition over inheritance

Downloads

9

Readme

Permissionary - bringing permissions to the lawless

NPM Version Dependencies Build Status Code Coverage Greenkeeper badge

Tiny and framework-agnostic role-based permission management using a model of composition over inheritance.

npm install --save permissionary

Usage

var {checkPermission, findRoles} = require('permissionary');

Philosophy

Many permission systems use the idea of inheritance to define roles in terms of other roles. This can lead to the definition of non-flexible roles where the developer has to make decisions that determine what will be possible in the future. Mattias Petter Johansson has a good video explaining the phenomenon.

To combat this issue, Permissionary has no inheritance. Instead, groupings of grants are given names (known as roles), and multiple such roles can be assigned to a user. This allows one to define very minimal roles (containing the minimum number of grants necessary to carry meaning) and define types of users as being compositions of multiple such roles. If at any point in the future, a new type of user is required that shares the responsibility of formerly unassociated roles, all you'd have to do was assign both roles to that user.

API

checkPermission :: StrMap (Array String) -⁠> Array String -⁠> String -⁠> Boolean

A curried function that takes three arguments and returns a Boolean:

  1. A mapping from role names to an array of grants represented by glob patterns to match permission names.
  2. An Array of role names.
  3. A permission name.

The glob patterns will be filtered down to contain only those associated with the given list of roles. The permission will be checked against the filtered glob patters using micromatch to produce the Boolean.

To make optimal use of this function, it is recommended to partially apply the function to produce new functions, as shown in the example below:

// This defines a mapping from roles to permissions.
// We can use wildcards to assign multiple permissions at once.
> var createVerifier = checkPermission({
.   'content-reader': ['content.read', 'images.read'],
.   'content-writer': ['content.write', 'images.upload'],
.   'superadmin': ['*']
. })

// Let's say our user Bob is a content-reader, and also a content-writer.
> var canBob = createVerifier(['content-reader', 'content-writer'])

// And Alice is an administrator.
> var canAlice = createVerifier(['superadmin'])

// Bob has this permission through his content-reader role.
> canBob('content.read')
true

// Bob does not have this permission.
> canBob('users.create')
false

// Alice, however, does. She has all permissions (even the ones
// we haven't thought of yet).
canAlice('users.create')
true

findRoles :: StrMap (Array String) -⁠> String -⁠> Array String

A curried function that takes two arguments and returns an Array of role names:

  1. A mapping from role names to an array of grants represented by glob patterns to match permission names.
  2. A permission name.

This function can be used to answer the question: "Which role do I need to obtain a given permission?"

> var getRequiredRoles = findRoles({
.   'content-reader': ['content.read', 'images.read'],
.   'content-writer': ['content.write', 'images.upload'],
.   'superadmin': ['*']
. })

> getRequiredRoles('content.read')
['content-reader', 'superadmin']