npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

trailpack-proxy-permissions

v2.1.6

Published

Permissions - Trailpack for Proxy Engine

Downloads

246

Readme

trailpack-proxy-permissions

Waffle.io - Columns and their card count

NPM version Build status Dependency Status Code Climate

Permissions built for speed, security, scalability, and love from Cali Style Technologies

The Proxy Permissions is built to be used on Trails.js with Proxy Engine. It's purpose is to allow for complex ERP style permissions down to the model level as well as restrict routes based on permissions.

Dependencies

Supported ORMs

| Repo | Build Status (edge) | |---------------|---------------------------------------| | trailpack-sequelize | Build status |

Supported Webserver

| Repo | Build Status (edge) | |---------------|---------------------------------------| | trailpack-express | Build status |

Install

$ npm install --save trailpack-proxy-permissions

Configuration

First you need to add this trailpack to your main configuration :

// config/main.js

module.exports = {
   ...

   packs: [
      ...
      require('trailpack-proxy-permissions'),
      ...
   ]
   ...
}

Then permissions config:

// config/proxyPermissions.js
module.exports = {
  //Role name to use for anonymous users
  defaultRole: 'public',
  //Role name to add to users on create
  defaultRegisteredRole: 'registered',
  // Name of the association field for Role under User model
  userRoleFieldName: 'roles',
  // add all models as resources in database on initialization
  modelsAsResources: true,
  // Initial data added when DB is empty
  fixtures: {
    roles: [],
    resources: [],
    permissions: []
  },
  // The default super admin username
  defaultAdminUsername: 'admin',
  // The default super admin password
  defaultAdminPassword: 'admin1234'
}

You also need to have a User model like:

const Model = require('trails-model')
const ModelPassport = require('trailpack-proxy-passport/api/models/User') // If you use trailpack-pasport
const ModelPermissions = require('trailpack-proxy-permissions/api/models/User')
class User extends Model {
  static config(app, Sequelize) {
    return {
      options: {
        classMethods: {
          associate: (models) => {
            // Apply passport specific stuff
            ModelPassport.config(app, Sequelize).options.classMethods.associate(models) 
            // Apply permission specific stuff
            ModelPermissions.config(app, Sequelize).options.classMethods.associate(models)
            // Apply your specific stuff
          }
        }
      }
    }
  }
  static schema(app, Sequelize) {
    return {
     // your stuff
    }
  }
}

Usage

Default Admin

When your applications starts, if there are no users in your database, proxy-permissions will create a super admin using your defaults

Manage roles

Use the native sequelize model under this.app.orm.Roles, if you need initial roles just add them on proxyPermissions config file under fixtures.roles.

Manage resources

Use the native sequelize model under this.app.orm.Resources, if you need initial resources just add them on proxyPermissions config file under fixtures.resources.

Manage model permissions

Static declaration under config

//config/proxypermissions.js
fixtures: {
    roles: [{
      name: 'role_name',
      public_name: 'Role name'
    }],
    resources: [{
      type: 'model',
      name: 'modelName',
      public_name: 'Model name'
    }],
    permissions: [{
       role_name: 'role_name',
       resourceName: 'modelName',
       action: 'create'
     }, {
       role_name: 'role_name',
       resourceName: 'modelName',
       action: 'update'
     }, {
       role_name: 'role_name',
       resourceName: 'modelName',
       action: 'destroy'
     }, {
       role_name: 'role_name',
       resourceName: 'modelName',
       action: 'access'
     }]
  }

Owner permissions

This trailpack can manage owner permissions on model instance, to do this you need to declare your permissions like this :

{
  roleName: 'roleName',
  relation: 'owner',
  resourceName: 'modelName',
  action: 'create'
}

You can create this permissions with sequelize model, with fixtures options or with PermissionService like this:

this.app.services.PermissionService.grant('roleName', 'modelName', 'create', 'owner').then(perm => () => {})
.catch(err => this.app.log.error(err))

Then you need to declare an owners attributes on your models like this :

module.exports = class Item extends Model {
  static config(app, Sequelize) {
    return {
      options: {
        classMethods: {
          associate: (models) => {
            models.Item.belongsToMany(models.User, {
              as: 'owners',
              through: 'UserItem'//If many to many is needed
            })
          }
        }
      }
    }
  }
}

If the model is under a trailpack and you don't have access to it you can add a model with same name on your project, let's do this for the model User witch is already in trailpack-proxy-permissions and trailpack-proxy-passport:

const ModelPassport = require('trailpack-proxy-passport/api/models/User')
const ModelPermissions = require('../api/models/User')
const Model = require('trails-model')
module.exports = class User extends Model {
  static config(app, Sequelize) {
    return {
      options: {
        classMethods: {
          associate: (models) => {
            ModelPassport.config(app, Sequelize).options.classMethods.associate(models)
            ModelPermissions.config(app, Sequelize).options.classMethods.associate(models)
            models.User.belongsToMany(models.Item, {
              as: 'items',
              through: 'UserItem'
            })
          }
        }
      }
    }
  }
  static schema(app, Sequelize) {
      const UserTrailpackSchema = ModelPassport.schema(app, Sequelize)
      let schema = {
        //All your attributes here
      }
      return _.defaults(UserTrailpackSchema, schema)//merge passport attributs with your
    }
}

Like this you can add owners permissions on all preferred models.

WARNING! Currently owner permissions are not supported for update destroy actions on multiple items (with no ID)

Dynamically with PermissionService

// Grant a permission to create 'modelName' to 'roleName'
this.app.services.PermissionService.grant('roleName', 'modelName', 'create').then(perm => () => {})
.catch(err => this.app.log.error(err))

// Revoke a permission to create 'modelName' to 'roleName'
this.app.services.PermissionService.revoke('roleName', 'modelName', 'create').then(perm => () => {})
.catch(err => this.app.log.error(err))

Manage route permissions

Route permissions can be added directly under route definition:

{
  method: 'GET',
  path: '/api/myroute',
  handler: 'DefaultController.myroute',
  config: {
    app: {
      proxyPermissions: {
        resourceName: 'myrouteId',
        roles: ['roleName']
      }
    }
  }
}

When the DB is empty all routes permissions will be created, if you make any change after this you'll have to update permissions yourself.

You can use PermissionService anytime you want to grant or revoke routes permissions.

Policies

You have 2 policies to manage permissions, they return a 403 when user is not allowed :

CheckPermissions.checkRoute

This one will check your route permissions, if they are no explicit permissions then the route is accessible. The easy way to setup is :

//config/policies.js
'*': [ 'CheckPermissions.checkRoute' ]
//or
ViewController: [ 'CheckPermissions.checkRoute' ] 

CheckPermissions.checkModel

This one will check your model permissions, if there are no explicit permissions models are not accessible

//config/policies.js
FootprintController: [ 'CheckPermissions.checkModel' ] // To check permissions on models