UNPKG

@parthar/rbac

Version:

Role Based Access Control

gitlab.com/clutter/rbac

116 lines (99 loc) 3.09 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
"use strict"; const promisify = require("util").promisify; // Grant => Role & Permissions // store => roles & permissions are strings // getRoles() // getRolePermissions(role) // setRolePermissions(role, permissions) // deleteRole(role) const Permissions = require("./Permissions"); async function can(store, roles, resource, action) { let idx; let ret = false; for (idx = 0; idx < roles.length; idx++) { // eslint-disable-line no-magic-numbers ret = new Permissions( await store.getRolePermissions(roles[idx]) // eslint-disable-line no-await-in-loop ).can(resource, action); if (ret) { break; } } return ret; } async function commit(that) { let pArr; if (!that._role) { throw new Error("set role before including roles"); } pArr = that._inherits.map(async (role) => { let permStrs = await that.permissions4role(role); if (!permStrs || permStrs instanceof Error) { throw new Error("cannot inherit from non-existent role: " + role); } that._permissions.include(new Permissions(permStrs)); }); await Promise.all(pArr); // wait to get all inherited-perms that._deny.forEach(function eachPerm(pem) { that._permissions.exclude(pem); }); await that._store.setRolePermissions(that._role, that._permissions.export()); delete that._role; delete that._inherits; delete that._deny; delete that._permissions; } class Grants { constructor(store) { this._store = store; } listRoles(callback) { return callback ? this._store.getRoles(callback) : promisify(this._store.getRoles)(); } permissions4role(role, callback) { return callback ? this._store.getRolePermissions(role, callback) : promisify(this._store.getRolePermissions)(role); } deleteRole(role, callback) { return callback ? this._store.deleteRole(role, callback) : promisify(this._store.deleteRole)(role); } can(roles, resource, action, callback) { return callback ? can(this._store, roles, resource, action) .then(res => callback(null, res)) .catch(err => callback(err)) : can(this._store, roles, resource, action); } // fluent api role(role) { this._role = role; this._inherits = []; this._deny = []; this._permissions = new Permissions(); return this; } inherits(arr) { this._inherits = this._inherits.concat(arr); return this; } allow(permsObj) { this._permissions.include(permsObj); return this; } deny(permsObj) { this._deny.push(permsObj); return this; } commit(callback) { return callback ? commit(this) .then(() => callback(null)) .catch(err => callback(err)) : commit(this); } } module.exports = Grants;