
Simple role and service method permissions for Feathers

feathers-permissions


Note: This module implements a hook for simple role and service method based permissions, checked against the permissions in a user (entity) object. More complex requirements can already be implemented as custom Feathers hooks. See here and here for more information.

Installation

npm install feathers-permissions --save

Important: The feathers-permissions hook should be used after the authenticate() hook from @feathersjs/authentication.

Simple example

The following example will limit all messages service calls to users that have admin in their roles:

const feathers = require('@feathersjs/feathers');
const { authenticate } = require('@feathersjs/authentication');
const memory = require('feathers-memory');
const checkPermissions = require('feathers-permissions');
const app = feathers();

app.use('/messages', memory());

app.service('messages').hooks({
  before: [
    // Authentication must run first so that params.user is populated
    authenticate('jwt'),
    checkPermissions({
      roles: [ 'admin' ]
    })
  ]
});

// User from the database
const user = {
  email: 'user@example.com',
  permissions: [ 'admin' ]
};

Documentation

Feathers permissions lets you grant and manage permissions flexibly, based on role and service method. Each object that requires permissions must have an array or a comma separated string of permissions stored on it (typically in your database).

Options

The following options are available:

  • roles - A list of permission roles to check or a function that takes the hook context and returns a list of roles. Can be a comma separated string of roles or an array of roles.
  • entity (default: user) - The name of the entity (params[entity])
  • field (default: permissions) - The name of the permissions field on the entity. May be dot separated to access nested fields.
  • error - If set to false will not throw a Forbidden error but instead set params.permitted to true or false. Useful for chaining permission hooks.

Permission format

The list of permissions will be obtained from params[entity] and field. It can be a comma separated list or an array of permissions in the following format:

  • * - Allow everything
  • ${role} or ${role}:* - Allow every service method (find, get, create, update, patch, remove) for role
  • *:${method} - Allow the ${method} service method for any role
  • ${role}:${method} - Allow the ${method} service method for role

This means the following use of feathers-permissions:

app.service('messages').hooks({
  before: checkPermissions({
    roles: [ 'admin', 'user' ]
  })
});

Will allow user permissions containing *, admin:*, user:* and the service method that is being called (e.g. admin:create or user:find and *:create and *:find).
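
The matching rules above, written out as a stand-alone evaluator that can be used to audit which stored permission strings satisfy a given check. This is an added example, not code from feathers-permissions; the function names and sample entities are constructed, and denying when the entity is missing is this example's assumption.

```javascript
// Added example: stand-alone evaluator for the permission format described above.
// Not the module's source; all function names here are hypothetical.

// Accept an array or a comma separated string (trimming is this example's choice).
function toList (value) {
  const items = Array.isArray(value) ? value : typeof value === 'string' ? value.split(',') : [];
  return items.map(item => String(item).trim()).filter(Boolean);
}

// Resolve a dot separated field name such as 'profile.roles' on the entity.
function getField (entity, field) {
  return field.split('.').reduce((obj, key) => (obj == null ? undefined : obj[key]), entity);
}

// Every permission string that satisfies a check for `roles` on `method`.
function requiredFor (roles, method) {
  const required = new Set(['*', `*:${method}`]);
  for (const role of toList(roles)) {
    required.add(role).add(`${role}:*`).add(`${role}:${method}`);
  }
  return required;
}

// Deny by default: a missing entity or field yields no permissions.
function isPermitted ({ roles, entity, field = 'permissions', method }) {
  if (!entity) return false;
  const required = requiredFor(roles, method);
  return toList(getField(entity, field)).some(permission => required.has(permission));
}

// Constructed sample entities.
const reader = { permissions: 'messages:find,messages:get' };
const admin = { profile: { roles: ['admin:*'] } };
const anyFinder = { permissions: ['*:find'] };

function demo () {
  const roles = ['admin', 'messages'];
  return {
    readerFind: isPermitted({ roles, entity: reader, method: 'find' }),
    readerCreate: isPermitted({ roles, entity: reader, method: 'create' }),
    adminCreate: isPermitted({ roles, entity: admin, field: 'profile.roles', method: 'create' }),
    adminWrongField: isPermitted({ roles, entity: admin, method: 'create' }),
    anyFinderFind: isPermitted({ roles, entity: anyFinder, method: 'find' }),
    anyFinderRemove: isPermitted({ roles, entity: anyFinder, method: 'remove' })
  };
}

console.log(demo());
```

The anyFinder entity shows why *:${method} grants deserve review: that single string satisfies the find check on every service that uses the hook, whatever roles the service lists.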

The following will create a dynamic permission based on the hook context.path:

app.service('messages').hooks({
  before: checkPermissions({
    roles: context => {
      return [ 'admin', context.path ];
    }
  })
});

Permissions can also be assembled asynchronously:

app.service('messages').hooks({
  before: checkPermissions({
    roles: async context => {
      const { user } = context.params;
      const roles = await app.service('roles').find({
        query: {
          userId: user._id
        }
      });

      return roles.data;
    }
  })
});

Conditionally restricting permissions

To allow access by role and otherwise restrict results to the current user, combine feathers-permissions (with the error option set to false), feathers-authentication-hooks and feathers-hooks-common#iff (checking for params.permitted):

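const checkPermissions = require('feathers-permissions');
const { setField } = require('feathers-authentication-hooks');
const { iff } = require('feathers-hooks-common');

app.service('messages').hooks({
  before: {
    find: [
      // Do not throw; only record the result in params.permitted
      checkPermissions({
        roles: ['super_admin', 'admin'],
        field: 'roles',
        error: false
      }),
      // Not permitted by role: limit the query to the caller's own records
      iff(context => !context.params.permitted,
        setField({
          from: 'params.user._id',
          as: 'params.query.userId'
        })
      )
    ]
  }
});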

More examples

const feathers = require('@feathersjs/feathers');
const memory = require('feathers-memory');
const checkPermissions = require('feathers-permissions');
const app = feathers();

app.use('/messages', memory());

app.service('messages').hooks({
  before: checkPermissions({
    roles: [ 'admin', 'messages' ]
  })
});

// User from the database (e.g. added via @feathersjs/authentication)
const user = {
  email: 'user@example.com',
  permissions: [ 'messages:find', 'messages:get' ]
  // Also possible:
  // permissions: 'messages:find,messages:get'
};

const admin = {
  email: 'admin@example.com',
  permissions: [ 'admin:*' ]
};

// Will pass
app.service('messages').find({
  user
});

// Will fail (create takes the data first and the params second)
app.service('messages').create({}, {
  user
});

// Will pass
app.service('messages').create({}, {
  provider: 'rest', // this will be set automatically by external calls
  user: admin
});

License

Copyright (c) 2019

Licensed under the MIT license.
