rbac-rethinkdb
Role-based access control for RethinkDB apps.
Installation
npm install rbac-rethinkdb --save
Usage
With rbac-rethinkdb you can do the following:
- Create Roles
- Create Permissions
- Assign Permission to Role. Create Grant
- Assign Permission to specific Subject which can use Resource
- Assign Role to Subject
- Check if Subject has Permission
- Check if Role has Permission
More information about RBAC is available by following the link.
RBAC
You can import RBAC separately and use it with your own storage, which must implement the RBAC Storage methods.
; const rbac = storage: ;
But you will probably want to use RethinkDBStorage.
; const rbac = storage: ;
Storage
Options
To connect RBAC storage with your DB you should define the RethinkDB connection options.
const connectOptions = { authKey: '', db: 'test', host: 'localhost', port: 28015 };
And the RBAC RethinkDB storage options would look like:
const storageOptions = {
  ...connectOptions,
  subjectTable: 'Users',
  roles: ['Developer', 'QA', 'PM'],
  permissions: ['Write_code', 'Manage_team', 'Check_quality', 'Check_Facebook'],
  resources: [],
  grants: [
    ['Developer', 'Write_code'],
    ['Developer', 'Check_Facebook'],
    ['QA', 'Check_quality'],
    ['QA', 'Check_Facebook'],
    ['PM', 'Manage_team']
  ]
};
where:
- subjectTable: Table in your DB with Subjects. Will create Subjects by default
- roles: List of predefined Roles. Can be empty
- permissions: List of predefined Permissions. Can be empty
- resources: List of Table names with resources which can be used by specific Subject. Can be empty
- grants: List of predefined Grants in format [ [ROLE, PERMISSION] ]. Can be empty
Methods
addRole(role: string): Promise<boolean>
Add new Role. true if added, false if Role already exists.
removeRole(role: string): Promise<boolean>
Remove existing Role. true if removed.
addPermission(permission: string): Promise<boolean>
Add new Permission. true if added.
removePermission(permission: string): Promise<boolean>
Remove existing Permission. true if removed.
grant(role: string, permission: string): Promise<boolean>
Assign existing Permission to existing Role. true if assigned.
removeGrant(role: string, permission: string): Promise<boolean>
Remove existing Permission from existing Role. true if removed.
grantSubjectToResource(subjectId, permission, resourceId, resource)
Assign Permission to specific Subject which can use specific Resource.
An example: as a user I can see all posts, but only I can edit my posts.
Params:
- subjectId: string - id of Subject from table in DB
- permission: string - existing Permission
- resourceId: string - id of Resource entity
- resource: string - Resource table name
Returns: Promise<boolean>
removeSubjectFromResource(subjectId, permission, resourceId, resource)
Remove connection between specific Subject and Permission on some Resource.
Params and Returns are the same as for grantSubjectToResource()
can(role: string, permission: string): Promise<boolean>
Check if Role has a Permission. true if it has.
canAny(roles: Array<string>, permission: string): Promise<boolean>
Check if any of Roles has a Permission. true if at least one Role has a Permission.
canAll(roles: Array<string>, permission: string): Promise<boolean>
Check if all Roles have a Permission. true if all Roles have a Permission.
canSubjectUsePermission(subjectId, permission, resourceId, resource)
Check if specific Subject has a Permission to use specific Resource. true if it has.
Params and Returns are the same as for grantSubjectToResource()
addSubjectToRole(subjectId: string, role: string): Promise<boolean>
Assign Role to specific Subject.
removeSubjectFromRole(subjectId: string, role: string): Promise<boolean>
Delete Role from specific Subject.
getPermissions(role: string): Promise<Permissions>
Get list of all Permissions from Role. Where Permissions = Array<string>
getRoles(subjectId: string): Promise<Roles>
Get list of all Roles from Subject. Where Roles = Array<string>
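The check below combines the role path (getRoles, canAny) with the per-resource path (canSubjectUsePermission) for the "only I can edit my posts" case described under grantSubjectToResource, and denies when neither path grants access. It is an added example, not code from rbac-rethinkdb: MemoryRbac is a hypothetical in-memory stand-in that only borrows the method names documented above, and authorize, demo, 'Edit_post', 'Posts' and the ids are constructed for illustration. It assumes that an unknown Role or Permission is rejected with false.

```javascript
// Added example: in-memory stand-in that borrows the method names documented above.
// Not rbac-rethinkdb's implementation; MemoryRbac, authorize and demo are hypothetical.
const key = (...parts) => JSON.stringify(parts);
class MemoryRbac {
  constructor({ roles = [], permissions = [], grants = [] } = {}) {
    this.roles = new Set(roles);
    this.permissions = new Set(permissions);
    this.grants = new Set(grants.map(([role, permission]) => key(role, permission)));
    this.subjectRoles = new Map();   // subjectId -> Set of Roles
    this.resourceGrants = new Set(); // per-Subject grants on one Resource entity
  }
  async addSubjectToRole(subjectId, role) {
    if (!this.roles.has(role)) return false; // assumption: unknown Role is rejected
    if (!this.subjectRoles.has(subjectId)) this.subjectRoles.set(subjectId, new Set());
    this.subjectRoles.get(subjectId).add(role);
    return true;
  }
  async getRoles(subjectId) { return [...(this.subjectRoles.get(subjectId) || [])]; }
  async can(role, permission) { return this.grants.has(key(role, permission)); }
  async canAny(roles, permission) {
    for (const role of roles) if (await this.can(role, permission)) return true;
    return false;
  }
  async grantSubjectToResource(subjectId, permission, resourceId, resource) {
    if (!this.permissions.has(permission)) return false; // assumption: unknown Permission is rejected
    this.resourceGrants.add(key(subjectId, permission, resourceId, resource));
    return true;
  }
  async canSubjectUsePermission(subjectId, permission, resourceId, resource) {
    return this.resourceGrants.has(key(subjectId, permission, resourceId, resource));
  }
}

// Deny by default: allow only if one of the Subject's Roles holds the Permission,
// or the Subject was granted it on this exact Resource entity.
async function authorize(rbac, subjectId, permission, resourceId, resource) {
  if (await rbac.canAny(await rbac.getRoles(subjectId), permission)) return true;
  if (resourceId === undefined) return false;
  return rbac.canSubjectUsePermission(subjectId, permission, resourceId, resource);
}
// Constructed data: 'Edit_post', the 'Posts' table and all ids are made up for this example.
async function demo() {
  const rbac = new MemoryRbac({ roles: ['Developer'], permissions: ['Write_code', 'Edit_post'],
    grants: [['Developer', 'Write_code']] });
  await rbac.addSubjectToRole('alice', 'Developer');
  await rbac.grantSubjectToResource('alice', 'Edit_post', 'post-1', 'Posts');
  return [await authorize(rbac, 'alice', 'Edit_post', 'post-1', 'Posts'),  // own post
          await authorize(rbac, 'alice', 'Edit_post', 'post-2', 'Posts')]; // someone else's post
}
```

With the real library, the same authorize function would be called with the configured rbac instance, provided it exposes these methods as documented.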