Skip to content

seeden/rbac

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
4 branches 23 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
 
 
src
 
 
.eslintignore
 
 
.eslintrc
 
 
.gitignore
 
 
.npmignore
 
 
.travis.yml
 
 
HISTORY.md
 
 
LICENSE
 
 
README.md
 
 
babel.config.js
 
 
gulpfile.js
 
 
jsdocConfig.js
 
 
package.json
 
 
RBAC Motivation Documentation Support us Install Usage Usage with express Check permissions Mongoose user model Build documentation Running Tests Build Credits License

README.md

RBAC

(Hierarchical Role Based Access Control)

NPM version build status Test coverage Gitter chat

RBAC is the authorization library for NodeJS.

🎉 We have supported DynamoDB storage now by implementation of dynamoose.

Motivation

I needed hierarchical role based access control for my projects based on ExpressJS. I had one requirement. This structure must be permanently stored in various storages. For example in memory or Mongoose. Because there is a lot of options for storing of data and many of them are asynchronous. I created asynchronous API. Please, if you found any bug or you need custom API, create an issue or pull request.

Documentation

Read more about API in documentation

Support us

Star this project on GitHub.

Install

npm install rbac

Usage

import { RBAC } from 'rbac'; // ES5 var RBAC = require('rbac').default;
const rbac = new RBAC({
  roles: ['superadmin', 'admin', 'user', 'guest'],
  permissions: {
    user: ['create', 'delete'],
    password: ['change', 'forgot'],
    article: ['create'],
    rbac: ['update'],
  },
  grants: {
    guest: ['create_user', 'forgot_password'],
    user: ['change_password'],
    admin: ['user', 'delete_user', 'update_rbac'],
    superadmin: ['admin'],
  },
});

await rbac.init();

Usage with express

import express from 'express';
import { RBAC } from 'rbac';
import secure from 'rbac/controllers/express';

// your custom controller for express
function adminController(req, res, next) {
  res.send('Hello admin');
}

const app = express();
const rbac = new RBAC({
  roles: ['admin', 'user'],
});

await rbac.init();

// setup express routes
app.use('/admin', secure.hasRole(rbac, 'admin'), adminController);

Check permissions

const can = await rbac.can('admin', 'create', 'article');
if (can) {
  console.log('Admin is able create article');
}

// or you can use instance of admin role
const admin = await rbac.getRole('admin');
if (!admin) {
  return console.log('Role does not exists');
}

const can = await admin.can('create', 'article');
if (can) {
  console.log('Admin is able create article');    
}

Mongoose user model

Please take a look on plugin mongoose-hrbac

Build documentation

npm run doc

Running Tests

npm run test

Build

npm run build

Credits

License

The MIT License (MIT)

Copyright (c) 2016-2018 Zlatko Fedor zfedor@goodmodule.com

About

Hierarchical Role Based Access Control for NodeJS

Topics

javascript authentication permissions auth authorization rbac role-based-access-control role

Resources

Readme

License

MIT license

Stars

930 stars

Watchers

31 watching

Forks

105 forks

Releases 3

First 5.0 working release Latest
Aug 1, 2018
+ 2 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 8

Languages