
    access-control-rules

    2.0.0 • Public • Published

    Access control for hierarchical data.

    Why

    Factored out of a hyperbase server implementation.

    How

    Make some rules:

    var rules = {
      '.read': true,
      things: {
        '$id': {
          '.read': function (cb) {
            cb(null, this.id === '0')
          },
          '.write': function (value, cb) {
            cb(null, value && this.id === '0')
          },
          nested: {
            reserved: {
              '.write': false
            }
          }
        }
      }
    }

    Then check to see if you have permission to read and write stuff:

    var ac = require('access-control-rules')
     
    ac.read(rules, null, '/things/0'.split('/'), function (err, allow) {
      // allow === true
    })
     
    ac.read(rules, null, '/things/1'.split('/'), function (err, allow) {
      // allow === false
    })
     
    ac.write(rules, null, '/things/0'.split('/'), 'thing!', function (err, allow) {
      // allow === true
    })
     
    ac.write(rules, null, '/things/1'.split('/'), 'thing!', function (err, allow) {
      // allow === false
    })
     
    ac.write(rules, null, '/things/0'.split('/'), null, function (err, allow) {
      // allow === false (a falsy value fails the '.write' rule)
    })
     
    ac.write(rules, null, '/things/0'.split('/'), { nested: { x: 42 }}, function (err, allow) {
      // allow === true
    })
     
    ac.write(rules, null, '/things/0'.split('/'), { nested: { reserved: 42 }}, function (err, allow) {
      // allow === false
    })
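
An added illustration, not the package's own code: a simplified synchronous model of evaluating the rule tree above that reproduces the results listed in the usage calls. It assumes (the page does not state this) that every rule met along the path must allow, that levels without a rule are skipped, and that a request meeting no rule is denied; `check`, `evalRule` and `step` are hypothetical names.

```javascript
// Added illustration, not the package's code. Assumptions: every rule met on
// the way must allow, levels without a rule are skipped, no rule at all denies.
const rules = {
  '.read': true,
  things: { '$id': {
    '.read': function (cb) { cb(null, this.id === '0') },
    '.write': function (value, cb) { cb(null, value && this.id === '0') },
    nested: { reserved: { '.write': false } }
  } }
}

// Booleans are used as-is; functions get wildcard params as `this` and must
// call back synchronously (assumption of this sketch).
function evalRule (rule, params, args) {
  if (typeof rule !== 'function') return rule === true
  let allow = false
  rule.apply(params, args.concat((err, ok) => { allow = !err && !!ok }))
  return allow
}

// Child rule node for a key: exact name, else a `$wildcard`. Keys that look
// like rule names ('.write', '$id') never select the rule entry itself.
function step (node, key, params) {
  const own = Object.prototype.hasOwnProperty.call(node, key)
  if (own && key[0] !== '.' && key[0] !== '$') return node[key]
  const wild = Object.keys(node).find(k => k[0] === '$')
  if (!wild) return {}
  params[wild.slice(1)] = key
  return node[wild]
}

function check (kind, path, value) {
  const params = {}
  let seen = 0, ok = true
  const visit = (n, args) => {
    if (n[kind] !== undefined) { seen++; ok = evalRule(n[kind], params, args) && ok }
  }
  // Writes also descend into the value, so nested '.write' rules apply.
  const walk = (n, v) => {
    if (v === null || typeof v !== 'object') return
    for (const k of Object.keys(v)) { const c = step(n, k, params); visit(c, [v[k]]); walk(c, v[k]) }
  }
  let node = rules
  const args = kind === '.write' ? [value] : []
  visit(node, args)
  for (const key of path.filter(Boolean)) { node = step(node, key, params); visit(node, args) }
  if (kind === '.write') walk(node, value)
  return seen > 0 && ok
}
```

Reads stop at the addressed node, while writes also walk the submitted value, which is why `{ nested: { reserved: 42 } }` is rejected even though the `$id` rule allows the write.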

    Test

    $ npm test
    $ npm run test-browser (depends on a globally installed zuul)

    Prior art

    The idea is based on Firebase's security rules. The main difference is that ".read" rules do not check any nested rules, which allows masking specific fields when reading objects.

    License

    WTFPL

    Install

    npm i access-control-rules
