Node ACL
This library provides a minimalistic ACL implementation with no connection to a database.
Installation
$ npm install node-access-control --save
Define the authorisations
It's recommended to deny access to all, then allows the routes for some specific roles. Note that an user is by default considered as authenticated if it contains an id.
const acl = ; acl;acl;acl;acl;acl;
Check the access
Checks the access by getting the user roles
const user = ... roles: 'marketing' ;acl // return trueacl // return trueacl // return trueacl // return false
//this user will be considered as authenticated because it contains an idconst user = id: 34 roles: ;acl // return trueacl // return trueacl // return false
//this user will NOT be considered as authenticated because it does not contains any idconst user = roles: ;acl // return falseacl // return falseacl // return false
Custom user structure
acl; const user = ... admin: true developer: true; acl // return true
Denies all
Checks the access by getting the user roles
acl; //this is the same as acl;
Documentation
add(roles, verb, url, permission)
Adds a specific access control.
roles {Array} Any roles that you want. The role 'any' and 'authenticated' already exist
verb {string} GET|POST|PATCH|PUT|DELETE|any (wildcard)
url {string} RegExp route
permission {string} allow|deny
can(user, verb, url)
Returns if the user have access to a specific route.
user {object} User containing the roles
verb {string} GET|POST|PATCH|PUT|DELETE|any (wildcard)
url {string} Route to test
setRolesGetter(method)
Defines a custom method to retrieve the user roles
method {Function} Function called when acl needs to retrieve the user roles
denyAll()
Denies all routes for all users