The Permissions logic

This module allows you to grant object permissions to Roles. You can specify a role with certain permissions by simply requiring the module as your Role class like

var Role = require('acl-lite');
var myRole = new Role();

So far this role has no permissions specified. You can add permissions to specific object property paths by calling myRole.addPermission('a.b.c'); myRole.addPermission('x.y'); or by providing the constructor with these information: new Role(['a.b.c', 'x.y'])

Given the above example permissions, the role now can access the following properties:

myRole.hasPermission('a')       // → true
myRole.hasPermission('a.b')     // → true
myRole.hasPermission('a.b.c')   // → true
myRole.hasPermission('a.b.cc')  // → false
myRole.hasPermission('a.bb')    // → false
myRole.hasPermission('aa')      // → false
myRole.hasPermission('x')       // → true
myRole.hasPermission('x.y')     // → true
myRole.hasPermission('x.y.z')   // → true

This can easily be applied to an object. So the role can access all the properties granted permission to (via constructor or addPermissions()) and their parents.

To check, whether a role can all the properties of a given object you can use the checkObject() method:

var myRole = Role(['a.b.c', 'x.y']);
var testObj = {
  a: {
    b: {
      c: 'test',
      cc: 'test'
    },
    bb: 'test'
  },
  aa: 'test',
  x: {
    y: {
      z: 'test'
    }
  }
};
myRole.checkObject(testObj);    // → 'a.b.cc' 

This returns the path of the first property which the role has no permissions for. In this example the role also has no permissions to a.bb and aa. (Note: x.y.z is alright as the role is granted permission to its parent x.y!)