@ddt/iam

0.0.1 • Public • Published

@ddt/iam

Define an allowed or denied set of actions against a set of resources with optional context.

Deny rules trump allow rules.

const role = new Role([
  {
    effect: 'allow', // optional, defaults to allow
    resources: ['secrets:${user.id}:*'],
    actions: ['read', 'write'],
  },
  {
    resources: ['secrets:{${user.bestfriends}}:*'],
    actions: ['read'],
  },
  {
    effect: 'deny',
    resources: ['secrets:admin:*'],
    actions: ['read'],
  },
])

const context = { user: { id: 456, bestfriends: [123, 563, 1211] } }
// true
role.can('read', 'secrets:563:sshhh', context)
// false
role.can('read', 'secrets:admin:super-secret', context)

const friendsWithAdminContext = { user: { id: 456, bestfriends: ['admin'] } }
// false
role.can('read', 'secrets:admin:super-secret', friendsWithAdminContext)

Readme

Keywords

none

Package Sidebar

Install

npm i @ddt/iam

Weekly Downloads

0

Version

0.0.1

License

MIT

Unpacked Size

17.3 kB

Total Files

20

Last publish

Collaborators

  • markacola
  • stefcola