UNPKG

rbac-engine

Version:

Role-based access control engine with policy-based permissions

87 lines โ€ข 4.95 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.runComprehensiveExample = runComprehensiveExample; const client_dynamodb_1 = require("@aws-sdk/client-dynamodb"); const index_1 = require("../index"); const dynamodb_repo_1 = require("../db/dynamodb-repo"); const uuid_1 = require("uuid"); const dynamoClient = new client_dynamodb_1.DynamoDBClient({ region: "us-east-1" }); const accessControl = new index_1.AccessControl(dynamoClient, dynamodb_repo_1.DynamoDBRepository); async function runComprehensiveExample() { try { console.log("๐Ÿš€ RBAC Engine - Comprehensive Example"); console.log("=".repeat(60)); await accessControl.init(); console.log("โœ… System initialized\n"); const [adminRoleId, editorRoleId] = [(0, uuid_1.v4)(), (0, uuid_1.v4)()]; await accessControl.createRole({ id: adminRoleId, name: "Admin" }); await accessControl.createRole({ id: editorRoleId, name: "Editor" }); const adminUser = await accessControl.createUser({ id: (0, uuid_1.v4)(), name: "Admin User" }); const editorUser = await accessControl.createUser({ id: (0, uuid_1.v4)(), name: "Editor User" }); const contractorUser = await accessControl.createUser({ id: (0, uuid_1.v4)(), name: "Contractor User" }); console.log("โœ“ Created users and roles"); const adminPolicyId = (0, uuid_1.v4)(); await accessControl.createPolicy({ id: adminPolicyId, document: { Version: "2025-05-29", Statement: [{ Effect: index_1.Effect.Allow, Action: ["*"], Resource: ["*"] }] } }); console.log("โœ“ Created admin policy (traditional JSON)"); const editorPolicy = await accessControl.createPolicy(new index_1.PolicyBuilder(`editor-${(0, uuid_1.v4)()}`) .version("2025-05-29") .statement(new index_1.StatementBuilder() .allow(["read", "create", "update"]) .on(["document/*"]) .when({ department: "engineering" })) .statement(new index_1.StatementBuilder() .deny(["delete"]) .on(["document/critical/*"]))); console.log("โœ“ Created editor policy (builder pattern with conditions)"); const contractorPolicy = await accessControl.createPolicy(new index_1.PolicyBuilder(`contractor-${(0, uuid_1.v4)()}`) .version("2025-05-29") .allow(["read", "update"]) .on(["project/temp/*"]) .when({ contractorId: "C12345" }) .activeFrom("2025-01-01T00:00:00Z") .activeUntil("2025-06-30T23:59:59Z")); await accessControl.attachPolicyToUser(contractorPolicy.id, contractorUser.id); console.log("โœ“ Created time-based contractor policy (direct user attachment)"); await accessControl.attachPolicyToRole(adminPolicyId, adminRoleId); await accessControl.attachPolicyToRole(editorPolicy.id, editorRoleId); await accessControl.assignRoleToUser(adminUser.id, adminRoleId); await accessControl.assignRoleToUser(editorUser.id, editorRoleId); console.log("โœ“ Assigned roles and policies"); console.log("\n๐Ÿงช Permission Tests:"); const adminCanDelete = await accessControl.hasAccess(adminUser.id, "delete", "document/123"); console.log(` Admin can delete: ${adminCanDelete ? "โœ…" : "โŒ"}`); const editorCanRead = await accessControl.hasAccess(editorUser.id, "read", "document/123", { department: "engineering" }); console.log(` Editor can read (with context): ${editorCanRead ? "โœ…" : "โŒ"}`); const editorCannotRead = await accessControl.hasAccess(editorUser.id, "read", "document/123", { department: "hr" }); console.log(` Editor cannot read (wrong context): ${!editorCannotRead ? "โœ…" : "โŒ"}`); const editorCannotDelete = await accessControl.hasAccess(editorUser.id, "delete", "document/critical/data"); console.log(` Editor cannot delete critical: ${!editorCannotDelete ? "โœ…" : "โŒ"}`); const contractorCanAccess = await accessControl.hasAccess(contractorUser.id, "read", "project/temp/file", { contractorId: "C12345" }); console.log(` Contractor time-based access: ${contractorCanAccess ? "โœ…" : "โŒ"}`); console.log("\nโœ… Validation Example:"); try { new index_1.PolicyBuilder(`invalid-${(0, uuid_1.v4)()}`) .allow(["read"]) .build(); } catch (error) { console.log(`โœ“ Caught validation error: ${error.message}`); } } catch (error) { console.error("โŒ Error:", error); process.exit(1); } } if (require.main === module) { runComprehensiveExample() .then(() => console.log("\n๐Ÿš€ Ready to use RBAC Engine!")) .catch(console.error); } //# sourceMappingURL=comprehensive-example.js.map