Merge branch 'master' of github.com:OptimalBits/node_acl
manast committed Aug 5, 2015
2 parents e918b6d + fc59798 commit 25be3d0
Showing 7 changed files with 271 additions and 91 deletions.
7 changes: 5 additions & 2 deletions .travis.yml
Expand Up @@ -2,8 +2,11 @@ language: node_js

# test on two node.js versions: 0.10
node_js:
- 0.10
- '0.10'
- '0.12'
- 'iojs-v1'
- 'iojs-v2'

services:
services:
- redis-server
- mongodb
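Review bot: The comment `# test on two node.js versions: 0.10` at the top of this hunk is stale now that the matrix lists four runtimes ('0.10', '0.12', 'iojs-v1', 'iojs-v2'); update or drop it so it does not mislead. Quoting the versions is the right call, since an unquoted 0.10 is a YAML float and reads as 0.1.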
98 changes: 59 additions & 39 deletions Readme.md
Expand Up @@ -2,12 +2,12 @@

This module provides a minimalistic ACL implementation inspired by Zend_ACL.

When you develop a web site or application you will soon notice that sessions are not enough to protect all the
available resources. Avoiding that malicious users access other users content proves a much more
When you develop a web site or application you will soon notice that sessions are not enough to protect all the
available resources. Avoiding that malicious users access other users content proves a much more
complicated task than anticipated. ACL can solve this problem in a flexible and elegant way.

Create roles and assign roles to users. Sometimes it may even be useful to create one role per user,
to get the finest granularity possible, while in other situations you will give the *asterisk* permission
Create roles and assign roles to users. Sometimes it may even be useful to create one role per user,
to get the finest granularity possible, while in other situations you will give the *asterisk* permission
for admin kind of functionality.

A Redis, MongoDB and In-Memory based backends are provided built-in in the module. There are other third party backends such as [*knex*](https://github.com/christophertrudel/node_acl_knex) based and [*firebase*](https://github.com/tonila/node_acl_firebase). There is also an alternative memory backend that supports [*regexps*](https://github.com/futurechan/node_acl-mem-regexp).
Expand All @@ -17,6 +17,8 @@ Follow [manast](http://twitter.com/manast) for news and updates regarding this l
##Status

[![BuildStatus](https://secure.travis-ci.org/OptimalBits/node_acl.png?branch=master)](http://travis-ci.org/OptimalBits/node_acl)
[![Dependency Status](https://david-dm.org/OptimalBits/node_acl.svg)](https://david-dm.org/OptimalBits/node_acl)
[![devDependency Status](https://david-dm.org/OptimalBits/node_acl/dev-status.svg)](https://david-dm.org/OptimalBits/node_acl#info=devDependencies)

##Features

Expand All @@ -43,6 +45,7 @@ npm install acl
* [roleUsers](#roleUsers)
* [hasRole](#hasRole)
* [addRoleParents](#addRoleParents)
* [removeRoleParents](#removeRoleParents)
* [removeRole](#removeRole)
* [removeResource](#removeResource)
* [allow](#allow)
Expand Down Expand Up @@ -71,7 +74,7 @@ acl = new acl(new acl.memoryBackend());
acl = new acl(new acl.mongodbBackend(dbInstance, prefix));
```

All the following functions return a promise or optionally take a callback with
All the following functions return a promise or optionally take a callback with
an err parameter as last parameter. We omit them in the examples for simplicity.

Create roles implicitly by giving them permissions:
Expand Down Expand Up @@ -114,14 +117,14 @@ lead to unnecessary nested callbacks for handling errors. Instead use the follow
```javascript
acl.allow([
{
roles:['guest','member'],
roles:['guest','member'],
allows:[
{resources:'blogs', permissions:'get'},
{resources:['forums','news'], permissions:['get','put','delete']}
]
},
{
roles:['gold','silver'],
roles:['gold','silver'],
allows:[
{resources:'cash', permissions:['sell','exchange']},
{resources:['account','deposit'], permissions:['put','delete']}
Expand Down Expand Up @@ -166,7 +169,7 @@ It will return an array of resource:[permissions] like this:
```
Finally, we provide a middleware for Express for easy protection of resources.
Finally, we provide a middleware for Express for easy protection of resources.
```javascript
acl.middleware()
Expand All @@ -184,7 +187,7 @@ The middleware will protect the resource named by *req.url*, pick the user from
acl.isAllowed(req.session.userId, '/blogs/12345', 'put')
```
The middleware accepts 3 optional arguments, that are useful in some situations. For example, sometimes we
The middleware accepts 3 optional arguments, that are useful in some situations. For example, sometimes we
cannot consider the whole url as the resource:
```javascript
Expand All @@ -207,7 +210,7 @@ app.put('/blogs/:id/comments/:commentId', acl.middleware(3, 'joed', 'post'), fun
Adds roles to a given user id.
__Arguments__
```javascript
userId {String|Number} User id.
roles {String|Array} Role(s) to add to the user id.
Expand All @@ -218,7 +221,7 @@ __Arguments__
<a name="removeUserRoles"/>
### removeUserRoles( userId, roles, function(err) )
Remove roles from a given user.
__Arguments__
Expand All @@ -237,7 +240,7 @@ __Arguments__
Return all the roles from a given user.
__Arguments__
```javascript
userId {String|Number} User id.
callback {Function} Callback called when finished.
Expand All @@ -246,12 +249,12 @@ __Arguments__
---------------------------------------
<a name="roleUsers" />
### roleUsers( rolename, function(err, roles) )
### roleUsers( rolename, function(err, users) )
Return all users who has a given role.
__Arguments__
```javascript
rolename {String|Number} User id.
callback {Function} Callback called when finished.
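Review bot: The argument table under roleUsers still reads `rolename {String|Number} User id.`, which contradicts the heading now corrected to `function(err, users)`; the parameter is a role name, not a user id. Fix the description in the same change, and while here the summary sentence should read "Return all users who have a given role".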
Expand All @@ -265,7 +268,7 @@ __Arguments__
Return boolean whether user has the role
__Arguments__
```javascript
userId {String|Number} User id.
rolename {String|Number} role name.
Expand All @@ -289,13 +292,30 @@ __Arguments__
---------------------------------------
<a name="removeRoleParents" />
### removeRoleParents( role, parents, function(err) )
Removes a parent or parent list from role.
If `parents` is not specified, removes all parents.
__Arguments__
```javascript
role {String} Child role.
parents {String|Array} Parent role(s) to be removed [optional].
callback {Function} Callback called when finished [optional].
```
---------------------------------------
<a name="removeRole" />
### removeRole( role, function(err) )
Removes a role from the system.
__Arguments__
```javascript
role {String} Role to be removed
callback {Function} Callback called when finished.
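Review bot: The new removeRoleParents section marks `parents` as optional with "removes all parents" as the fallback, but does not say whether the two-argument form `removeRoleParents(role, callback)` is accepted, given that `parents` sits before the callback in the signature. State the accepted call shapes explicitly, and mention that an undefined `parents` (for example from an unset variable) clears the whole parent list, because that silently changes what the role inherits.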
Expand All @@ -305,11 +325,11 @@ __Arguments__
<a name="removeResource" />
### removeResource( resource, function(err) )
Removes a resource from the system
__Arguments__
```javascript
resource {String} Resource to be removed
callback {Function} Callback called when finished.
Expand All @@ -323,7 +343,7 @@ __Arguments__
Adds the given permissions to the given roles over the given resources.
__Arguments__
```javascript
roles {String|Array} role(s) to add permissions to.
resources {String|Array} resource(s) to add permisisons to.
Expand All @@ -332,13 +352,13 @@ __Arguments__
```
### allow( permissionsArray, function(err) )
__Arguments__
```javascript
permissionsArray {Array} Array with objects expressing what permissions to give.
[{roles:{String|Array}, allows:[{resources:{String|Array}, permissions:{String|Array}]]

callback {Function} Callback called when finished.
```
Expand All @@ -352,7 +372,7 @@ Remove permissions from the given roles owned by the given role.
Note: we loose atomicity when removing empty role_resources.
__Arguments__
```javascript
role {String}
resources {String|Array}
Expand All @@ -367,12 +387,12 @@ __Arguments__
Returns all the allowable permissions a given user have to
access the given resources.
It returns an array of objects where every object maps a
It returns an array of objects where every object maps a
resource name to a list of permissions for that resource.
__Arguments__
```javascript
userId {String|Number} User id.
resources {String|Array} resource(s) to ask permissions for.
Expand All @@ -383,32 +403,32 @@ __Arguments__
<a name="isAllowed" />
### isAllowed( userId, resource, permissions, function(err, allowed) )
Checks if the given user is allowed to access the resource for the given
Checks if the given user is allowed to access the resource for the given
permissions (note: it must fulfill all the permissions).
__Arguments__
```javascript
userId {String|Number} User id.
resource {String} resource to ask permissions for.
permissions {String|Array} asked permissions.
callback {Function} Callback called wish the result.
callback {Function} Callback called with the result.
```
---------------------------------------
<a name="areAnyRolesAllowed" />
### areAnyRolesAllowed( roles, resource, permissions, function(err, allowed) )
Returns true if any of the given roles have the right permissions.
__Arguments__
```javascript
roles {String|Array} Role(s) to check the permissions for.
resource {String} resource to ask permissions for.
permissions {String|Array} asked permissions.
callback {Function} Callback called wish the result.
callback {Function} Callback called with the result.
```
---------------------------------------
Expand All @@ -425,15 +445,15 @@ __Arguments__
```
whatResources(role, permissions, function(err, resources) )
Returns what resources a role has the given permissions over.
__Arguments__
```javascript
role {String|Array} Roles
permissions {String|Array} Permissions
callback {Function} Callback called wish the result.
callback {Function} Callback called with the result.
```
---------------------------------------
Expand Down Expand Up @@ -469,10 +489,10 @@ __Arguments__
```
```javascript
var mongodb = require('mongodb');
var mongodb = require('mongodb');
mongodb.connect("mongodb://127.0.0.1:27017/acltest", function(error, db) {
var mongoBackend = new acl.mongodbBackend(db, 'acl_');
});
});
```
Creates a new MongoDB backend using database instance `db`.
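Review bot: The MongoDB example touched here passes `db` straight into `new acl.mongodbBackend(db, 'acl_')` without looking at the `error` argument of the connect callback, so a failed connection goes unnoticed. Since these lines are being edited anyway, add an `if (error)` check before constructing the backend so that readers copying the snippet do not set up their ACL storage on an unchecked connection.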
Expand All @@ -496,7 +516,7 @@ Run tests with `npm` (requires mocha):
- Support for denials (deny a role a given permission)
##License
##License
(The MIT License)
Expand Down
14 changes: 10 additions & 4 deletions index.js
@@ -1,4 +1,10 @@
module.exports = require("./lib/acl.js");
module.exports.redisBackend = require("./lib/redis-backend.js");
module.exports.memoryBackend = require("./lib/memory-backend.js");
module.exports.mongodbBackend = require("./lib/mongodb-backend.js");
module.exports = require('./lib/acl.js');
module.exports.__defineGetter__('redisBackend', function(){
return require('./lib/redis-backend.js');
});
module.exports.__defineGetter__('memoryBackend', function(){
return require('./lib/memory-backend.js');
});
module.exports.__defineGetter__('mongodbBackend', function(){
return require('./lib/mongodb-backend.js');
});
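Review bot: The three backends are now exposed through `__defineGetter__`, a legacy accessor API; `Object.defineProperty(module.exports, 'redisBackend', { enumerable: true, get: ... })` expresses the same lazy getter in the standard form. Also document that each backend `require` now runs on first property access instead of at `require('acl')`, so a missing or broken backend module surfaces later, at the point where the backend is first used, rather than at startup.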