UNPKG

imperium

Version:

Imperium is a role-based user's authorizations (ACL) library for Node.js.

github.com/terrajs/imperium

terrajs/imperium

148 lines (124 loc) 3.77 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
'use strict' const { map, find, compact, forIn, chain, keys, some } = require('lodash') class ImperiumDoor { constructor (imperium, ctx) { this.imperium = imperium this.ctx = ctx } /** * Check if action matches any of user roles action * * @param name Name of the action * @param params Params of the action * * @return {boolean} */ async can (name, params) { const routeAction = { name, ...params } // Transform imperium stored roles object into an array with only matching action const roles = compact(map(this.imperium._roles, ({ process, actions }, role) => { const action = find(actions, { name }) if (!action) return null return { role, action, process } })) for (const role of roles) { /* istanbul ignore else */ if (await this._roleMatchRouteAction(role, routeAction)) return true } return false } /** * Inverse of `can` method (code should always be affirmative) * * @param name Name of the action * @param params Params of the action * * @return {boolean} */ async cannot (name, params) { return !(await this.can(name, params)) } /** * Check if user has role * * @param name Name of the role * * @return {boolean} */ async is (name, params = {}) { const role = this.imperium._roles[name] /* istanbul ignore if */ if (!role) return false const processedRole = await role.process(this.ctx) if (!processedRole) return false if (typeof processedRole === 'boolean') return processedRole const processedRoles = Array.isArray(processedRole) ? processedRole : [processedRole] return some(processedRoles, (processedRoleParams) => { return this._matchActions(processedRoleParams, params) }) } /** * Inverse of `is` method (code should always be affirmative) * * @param name Name of the role * @param params Params of the action * * @return {boolean} */ async isnot (name, params) { return !(await this.is(name, params)) } /** * Check if processed role matches route action * The role is processed using the current route context (auth) * * @private * * @param role Role to check * @param routeAction Action required by the route * * @return {boolean} */ async _roleMatchRouteAction (role, routeAction) { const processedRole = await role.process(this.ctx) if (!processedRole) return false if (typeof processedRole === 'boolean') return processedRole const processedRoles = Array.isArray(processedRole) ? processedRole : [processedRole] return some(processedRoles, (params) => { const roleAction = { name: role.action.name } forIn(role.action.params, (value, key) => { if (value === '@') roleAction[key] = params[key] else roleAction[key] = value }) return this._matchActions(roleAction, routeAction) }) } /** * Check if roleAction matches routeAction * * @private * * @param roleAction Action of the current role loop * @param routeAction Action required by the route * * @return {boolean} */ _matchActions (roleAction, routeAction) { const actionsKeys = chain(keys(routeAction)).concat(keys(roleAction)).uniq().value() for (const key of actionsKeys) { const roleActionValue = roleAction[key] const routeActionValue = routeAction[key] || '*' if (roleActionValue !== '*') { if (Array.isArray(roleActionValue)) { if (roleActionValue.indexOf(routeActionValue) === -1) return false } else if (roleActionValue !== routeActionValue) return false } } return true } } module.exports = ImperiumDoor