RBAC
(Hierarchical Role Based Access Control)
RBAC is the authorization library for NodeJS.
Motivation
I needed hierarchical role based access control for my projects based on ExpressJS. I had one requirement. This structure must be permanently stored in various storages. For example in memory or Mongoose. Because there is a lot of options for storing of data and many of them are asynchronous. I created asynchronous API. Please, if you found any bug or you need custom API, create an issue or pull request.
Documentation
Read more about API in documentation
Support us
Star this project on GitHub.
Install
npm install rbac
Usage
import { RBAC } from 'rbac'; // ES5 var RBAC = require('rbac').default;
const rbac = new RBAC({
roles: ['superadmin', 'admin', 'user', 'guest'],
permissions: {
user: ['create', 'delete'],
password: ['change', 'forgot'],
article: ['create'],
rbac: ['update'],
},
grants: {
guest: ['create_user', 'forgot_password'],
user: ['change_password'],
admin: ['user', 'delete_user', 'update_rbac'],
superadmin: ['admin'],
},
});
await rbac.init();
Usage with express
import express from 'express';
import { RBAC } from 'rbac';
import secure from 'rbac/controllers/express';
// your custom controller for express
function adminController(req, res, next) {
res.send('Hello admin');
}
const app = express();
const rbac = new RBAC({
roles: ['admin', 'user'],
});
await rbac.init();
// setup express routes
app.use('/admin', secure.hasRole(rbac, 'admin'), adminController);
Check permissions
const can = await rbac.can('admin', 'create', 'article');
if (can) {
console.log('Admin is able create article');
}
// or you can use instance of admin role
const admin = await rbac.getRole('admin');
if (!admin) {
return console.log('Role does not exists');
}
const can = await admin.can('create', 'article');
if (can) {
console.log('Admin is able create article');
}
Mongoose user model
Please take a look on plugin mongoose-hrbac
Build documentation
npm run doc
Running Tests
npm run test
Build
npm run build
Credits
License
The MIT License (MIT)
Copyright (c) 2016-2018 Zlatko Fedor [email protected]