
access-mate


Attribute base access control using o-is for the conditions

/**
 * Access control policies for the `user` resource.
 *
 * Built with AccessMate.policySet(); every `.deny()` / `.allow()` opens a
 * policy that the chained `.name()`, `.target()`, `.action()`, `.fields()`
 * and `.condition()` calls describe. Conditions are o-is assertions that are
 * evaluated against an object exposing `resource` and `subject`.
 *
 * NOTE(review): how overlapping allow and deny policies are combined
 * (deny-overrides vs. first-match) is decided by AccessMate, not in this
 * file — confirm before relying on the order the policies appear in below.
 */
const oIs = require('o-is')
const AccessMate = require('../../../index')

// Holds when the record being accessed is not the subject's own record.
// NOTE(review): confirm propsEqual treats two *missing* ids as unequal;
// otherwise an anonymous subject against an id-less resource would not
// trigger the owner-only denies below.
const notOwnRecord = oIs().not().propsEqual('resource.id', 'subject.id')

module.exports = AccessMate.policySet()
  // Field-level deny: `password` and `email` are readable only by the owner.
  // (The ['update', 'read'] deny further down covers this case as well.)
  .deny()
    .name('user can only read own password/email')
    .target('user')
    .action('read')
    .fields('password', 'email')
    .condition(notOwnRecord)
  // Updates are allowed for the owner of the record or for an admin subject.
  .allow()
    .name('owner or admin can edit some of the user fields.')
    .target('user')
    .action('update')
    .condition()
      .or()
        .propsEqual('resource.id', 'subject.id')
        .true('subject.admin')
      .end()
    .end()
  // Owner-only fields, for both reading and updating.
  .deny()
    .name('only owner can edit password and email')
    .target('user')
    .action(['update', 'read'])
    .fields('password', 'email')
    .condition(notOwnRecord)
  // Privilege-bearing fields: only an admin subject may set them, on create
  // as well as on update.
  .deny()
    .name('only admins can ban or set admin field')
    .target('user')
    .action(['update', 'create'])
    .fields('banned', 'admin')
    .condition()
      .not().true('subject.admin')
    .end()
  // Unconditional allow for creating and reading users; the field-level
  // denies above are what restrict the sensitive fields.
  .allow()
    .name('anyone can create and read users')
    .target('user')
    .action(['create', 'read'])
  .end()