sskpi-pbac
v0.0.1-beta.2
Published
PBAC Library for SSKPI microservice platform
Downloads
1
Readme
Overview
The project is a PBAC library of SSKPI project,
Prerequisites
- Git
- Docker | Docker for Mac | Docker for Windows
- Node.js
- Yarn
- A Bitbucket account with a configured SSH key
Install
npm i sskpi-pbacGetting started
- Check one context
const statements = [
{
effect: 'allow',
actions: ['*'],
resources: ['*'],
},
{
effect: 'deny',
actions: ['*'],
resources: ['workspace', 'employee'],
},
{
effect: 'allow',
actions: ['invite'],
resources: ['employee'],
},
];
const pbac = new PBAC(statements);
const check = pbac.evaluate({
action: 'create',
resource: 'employee',
});
// check = true- Check with multi context
const statements = [
{
effect: 'allow',
actions: ['*'],
resources: ['*'],
},
{
effect: 'deny',
actions: ['*'],
resources: ['workspace', 'employee'],
},
{
effect: 'allow',
actions: ['invite'],
resources: ['employee'],
},
];
const pbac = new PBAC(statements);
const functions = [
{
resource: 'employee',
action: 'create',
},
{
resource: 'employee',
action: 'update',
},
{
resource: 'employee',
action: 'list',
},
{
resource: 'employee',
action: 'remove',
},
{
resource: 'employee',
action: 'invite',
},
{
resource: 'org',
action: 'create',
},
{
resource: 'org',
action: 'remove',
},
{
resource: 'workspace',
action: 'create',
},
{
resource: 'workspace',
action: 'remove',
},
];
const result = pbac.evaluateMulti(functions);
// const result = [
// {
// resource: 'employee',
// action: 'create',
// allow: false,
// },
// {
// resource: 'employee',
// action: 'update',
// allow: false,
// },
// {
// resource: 'employee',
// action: 'list',
// allow: false,
// },
// {
// resource: 'employee',
// action: 'remove',
// allow: false,
// },
// {
// resource: 'employee',
// action: 'invite',
// allow: true,
// },
// {
// resource: 'org',
// action: 'create',
// allow: true,
// },
// {
// resource: 'org',
// action: 'remove',
// allow: true,
// },
// {
// resource: 'workspace',
// action: 'create',
// allow: false,
// },
// {
// resource: 'workspace',
// action: 'remove',
// allow: false,
// },
// ];- Convert function matrix to pbac statements
const functions = [
{
resource: 'employee',
action: 'create',
allow: true,
},
{
resource: 'employee',
action: 'update',
allow: true,
},
{
resource: 'employee',
action: 'list',
allow: true,
},
{
resource: 'employee',
action: 'remove',
allow: true,
},
{
resource: 'employee',
action: 'invite',
allow: false,
},
{
resource: 'org',
action: 'create',
allow: true,
},
{
resource: 'org',
action: 'remove',
allow: true,
},
{
resource: 'workspace',
action: 'create',
allow: false,
},
{
resource: 'workspace',
action: 'remove',
allow: false,
},
];
const pbac = new PBAC();
pbac.addFromFunctionMatrix(functions);
const statements = pbac.getStatements();
// const statements = [
// {
// effect: 'allow',
// actions: ['*'],
// resources: ['employee', 'org'],
// },
// {
// effect: 'deny',
// actions: ['*'],
// resources: ['workspace'],
// },
// {
// effect: 'deny',
// actions: ['invite'],
// resources: ['employee'],
// },
// ];License
Copyright © GNU General Public License v3.0