UNPKG

@superawesome/permissions

Version:

Fine grained permissions / access control with ownerships & attribute picking, done right.

permissions.docs.superawesome.com

SuperAwesomeLTD/permissions

57 lines 3.02 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.permissionDefinitions_examples = exports.PD_EXAMPLE_SUPER_ADMIN = exports.PD_EXAMPLE_COMPANY_ADMIN = exports.PD_EXAMPLE_EMPLOYEE_MANAGER = exports.PD_EXAMPLE_EMPLOYEE = void 0; const data_fixtures_1 = require("./data.fixtures"); const types_1 = require("../types"); // note: we can't use new lines on PermissionDefinition.descr, as pOTS breaks prettier. exports.PD_EXAMPLE_EMPLOYEE = { roles: ['EMPLOYEE'], resource: 'document', descr: `> As an **EMPLOYEE**, I can **create**, **read** & **list** only my **OWN Documents (created by me)** , all attributes except **confidential**. Also, I can **list** all **Documents** on the system, but only access the **title** & **date** attributes.`, isOwner: data_fixtures_1.isOwner_isUserCreatorOfDocument, listOwned: data_fixtures_1.listOwned_listUserCreatedDocuments, possession: types_1.EPossession.own, grant: { create: ['*', '!confidential'], read: ['*', '!confidential'], list: ['*', '!confidential'], 'list:any': ['title', 'date'], }, }; exports.PD_EXAMPLE_EMPLOYEE_MANAGER = { roles: ['EMPLOYEE_MANAGER'], resource: 'document', descr: `> As a **EMPLOYEE_MANAGER**, I can **read**, **list**, **review** & **delete** all **Documents** created by **any User that I am managing**, all document attributes except **confidential**. Also, I can **list** all **Documents** on the system, but only access the **title**, **date** & **status** attributes.`, isOwner: data_fixtures_1.isOwner_isDocCreatedByMeAndMyManagedUsers, listOwned: data_fixtures_1.listOwned_DocsOfMeAndMyManagedUsers, possession: types_1.EPossession.own, grant: { read: ['*', '!confidential', '!personal'], review: ['*', '!confidential', '!personal'], delete: ['*', '!confidential', '!personal'], list: ['*', '!confidential', '!personal'], 'list:any': ['title', 'date', 'status'], }, }; exports.PD_EXAMPLE_COMPANY_ADMIN = { roles: ['COMPANY_ADMIN'], resource: 'document', descr: `> As a **COMPANY_ADMIN**, I can **read**, **update** and **review** all **Documents** created by **any User in my Company**, all attributes.`, isOwner: data_fixtures_1.isOwner_isDocCreatedByMeAndMyCompanyUsers, listOwned: data_fixtures_1.listOwned_DocsOfMeAndMyCompanyUsers, possession: types_1.EPossession.own, grant: [`read`, `update`, `review`], }; exports.PD_EXAMPLE_SUPER_ADMIN = { roles: ['SUPER_ADMIN'], resource: '*', descr: `> As a **SUPER_ADMIN**, I can do all actions on **any resource** (not just documents), created by ANY User, ANY Company and access all attributes.`, grant: ['*'], }; exports.permissionDefinitions_examples = [ exports.PD_EXAMPLE_EMPLOYEE, exports.PD_EXAMPLE_EMPLOYEE_MANAGER, exports.PD_EXAMPLE_COMPANY_ADMIN, exports.PD_EXAMPLE_SUPER_ADMIN, ]; //# sourceMappingURL=permissionDefinitions-examples.fixtures.js.map