rbac-engine
Version:
Role-based access control engine with policy-based permissions
87 lines โข 4.95 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.runComprehensiveExample = runComprehensiveExample;
const client_dynamodb_1 = require("@aws-sdk/client-dynamodb");
const index_1 = require("../index");
const dynamodb_repo_1 = require("../db/dynamodb-repo");
const uuid_1 = require("uuid");
const dynamoClient = new client_dynamodb_1.DynamoDBClient({ region: "us-east-1" });
const accessControl = new index_1.AccessControl(dynamoClient, dynamodb_repo_1.DynamoDBRepository);
async function runComprehensiveExample() {
try {
console.log("๐ RBAC Engine - Comprehensive Example");
console.log("=".repeat(60));
await accessControl.init();
console.log("โ
System initialized\n");
const [adminRoleId, editorRoleId] = [(0, uuid_1.v4)(), (0, uuid_1.v4)()];
await accessControl.createRole({ id: adminRoleId, name: "Admin" });
await accessControl.createRole({ id: editorRoleId, name: "Editor" });
const adminUser = await accessControl.createUser({ id: (0, uuid_1.v4)(), name: "Admin User" });
const editorUser = await accessControl.createUser({ id: (0, uuid_1.v4)(), name: "Editor User" });
const contractorUser = await accessControl.createUser({ id: (0, uuid_1.v4)(), name: "Contractor User" });
console.log("โ Created users and roles");
const adminPolicyId = (0, uuid_1.v4)();
await accessControl.createPolicy({
id: adminPolicyId,
document: {
Version: "2025-05-29",
Statement: [{ Effect: index_1.Effect.Allow, Action: ["*"], Resource: ["*"] }]
}
});
console.log("โ Created admin policy (traditional JSON)");
const editorPolicy = await accessControl.createPolicy(new index_1.PolicyBuilder(`editor-${(0, uuid_1.v4)()}`)
.version("2025-05-29")
.statement(new index_1.StatementBuilder()
.allow(["read", "create", "update"])
.on(["document/*"])
.when({ department: "engineering" }))
.statement(new index_1.StatementBuilder()
.deny(["delete"])
.on(["document/critical/*"])));
console.log("โ Created editor policy (builder pattern with conditions)");
const contractorPolicy = await accessControl.createPolicy(new index_1.PolicyBuilder(`contractor-${(0, uuid_1.v4)()}`)
.version("2025-05-29")
.allow(["read", "update"])
.on(["project/temp/*"])
.when({ contractorId: "C12345" })
.activeFrom("2025-01-01T00:00:00Z")
.activeUntil("2025-06-30T23:59:59Z"));
await accessControl.attachPolicyToUser(contractorPolicy.id, contractorUser.id);
console.log("โ Created time-based contractor policy (direct user attachment)");
await accessControl.attachPolicyToRole(adminPolicyId, adminRoleId);
await accessControl.attachPolicyToRole(editorPolicy.id, editorRoleId);
await accessControl.assignRoleToUser(adminUser.id, adminRoleId);
await accessControl.assignRoleToUser(editorUser.id, editorRoleId);
console.log("โ Assigned roles and policies");
console.log("\n๐งช Permission Tests:");
const adminCanDelete = await accessControl.hasAccess(adminUser.id, "delete", "document/123");
console.log(` Admin can delete: ${adminCanDelete ? "โ
" : "โ"}`);
const editorCanRead = await accessControl.hasAccess(editorUser.id, "read", "document/123", { department: "engineering" });
console.log(` Editor can read (with context): ${editorCanRead ? "โ
" : "โ"}`);
const editorCannotRead = await accessControl.hasAccess(editorUser.id, "read", "document/123", { department: "hr" });
console.log(` Editor cannot read (wrong context): ${!editorCannotRead ? "โ
" : "โ"}`);
const editorCannotDelete = await accessControl.hasAccess(editorUser.id, "delete", "document/critical/data");
console.log(` Editor cannot delete critical: ${!editorCannotDelete ? "โ
" : "โ"}`);
const contractorCanAccess = await accessControl.hasAccess(contractorUser.id, "read", "project/temp/file", { contractorId: "C12345" });
console.log(` Contractor time-based access: ${contractorCanAccess ? "โ
" : "โ"}`);
console.log("\nโ
Validation Example:");
try {
new index_1.PolicyBuilder(`invalid-${(0, uuid_1.v4)()}`)
.allow(["read"])
.build();
}
catch (error) {
console.log(`โ Caught validation error: ${error.message}`);
}
}
catch (error) {
console.error("โ Error:", error);
process.exit(1);
}
}
if (require.main === module) {
runComprehensiveExample()
.then(() => console.log("\n๐ Ready to use RBAC Engine!"))
.catch(console.error);
}
//# sourceMappingURL=comprehensive-example.js.map