UNPKG

rbac-engine

Version:

Role-based access control engine with policy-based permissions

142 lines 6.15 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); const client_dynamodb_1 = require("@aws-sdk/client-dynamodb"); const index_1 = require("../index"); const dynamodb_repo_1 = require("../db/dynamodb-repo"); const uuid_1 = require("uuid"); const dynamoClient = new client_dynamodb_1.DynamoDBClient({ region: "us-east-1", }); const accessControl = new index_1.AccessControl(dynamoClient, dynamodb_repo_1.DynamoDBRepository); async function run() { try { console.log("Setting up tables..."); await accessControl.init(); const adminRoleId = (0, uuid_1.v4)(); const editorRoleId = (0, uuid_1.v4)(); const viewerRoleId = (0, uuid_1.v4)(); const adminPolicyId = (0, uuid_1.v4)(); const editorPolicyId = (0, uuid_1.v4)(); const viewerPolicyId = (0, uuid_1.v4)(); console.log("Creating roles..."); await accessControl.createRole({ id: adminRoleId, name: "Admin" }); await accessControl.createRole({ id: editorRoleId, name: "Editor" }); await accessControl.createRole({ id: viewerRoleId, name: "Viewer" }); console.log("Creating policies..."); const adminPolicyDocument = { Version: "2023-11-15", Statement: [ { Effect: index_1.Effect.Allow, Action: ["*"], Resource: ["*"] } ] }; await accessControl.createPolicy({ id: adminPolicyId, document: adminPolicyDocument }); const editorPolicyDocument = { Version: "2023-11-15", Statement: [ { Effect: index_1.Effect.Allow, Action: ["read", "create", "update"], Resource: ["document/*"] } ] }; await accessControl.createPolicy({ id: editorPolicyId, document: editorPolicyDocument }); const viewerPolicyDocument = { Version: "2023-11-15", Statement: [ { Effect: index_1.Effect.Allow, Action: ["read"], Resource: ["document/*"] } ] }; await accessControl.createPolicy({ id: viewerPolicyId, document: viewerPolicyDocument }); console.log("Attaching policies to roles..."); await accessControl.attachPolicyToRole(adminPolicyId, adminRoleId); await accessControl.attachPolicyToRole(editorPolicyId, editorRoleId); await accessControl.attachPolicyToRole(viewerPolicyId, viewerRoleId); console.log("Creating users..."); const adminUser = await accessControl.createUser({ id: (0, uuid_1.v4)(), name: "Admin User" }); const editorUser = await accessControl.createUser({ id: (0, uuid_1.v4)(), name: "Editor User" }); const viewerUser = await accessControl.createUser({ id: (0, uuid_1.v4)(), name: "Viewer User" }); console.log("Assigning roles to users..."); await accessControl.assignRoleToUser(adminUser.id, adminRoleId); await accessControl.assignRoleToUser(editorUser.id, editorRoleId); await accessControl.assignRoleToUser(viewerUser.id, viewerRoleId); console.log("Testing access control..."); const adminCanCreate = await accessControl.hasAccess(adminUser.id, "create", "document/123"); console.log(`Admin can create document: ${adminCanCreate}`); const adminCanDelete = await accessControl.hasAccess(adminUser.id, "delete", "document/123"); console.log(`Admin can delete document: ${adminCanDelete}`); const editorCanCreate = await accessControl.hasAccess(editorUser.id, "create", "document/123"); console.log(`Editor can create document: ${editorCanCreate}`); const editorCanUpdate = await accessControl.hasAccess(editorUser.id, "update", "document/123"); console.log(`Editor can update document: ${editorCanUpdate}`); const editorCanDelete = await accessControl.hasAccess(editorUser.id, "delete", "document/123"); console.log(`Editor can delete document: ${editorCanDelete}`); const viewerCanRead = await accessControl.hasAccess(viewerUser.id, "read", "document/123"); console.log(`Viewer can read document: ${viewerCanRead}`); const viewerCanUpdate = await accessControl.hasAccess(viewerUser.id, "update", "document/123"); console.log(`Viewer can update document: ${viewerCanUpdate}`); console.log("Testing with conditions..."); const conditionalPolicyId = (0, uuid_1.v4)(); const conditionalPolicy = { Version: "2023-11-15", Statement: [ { Effect: index_1.Effect.Allow, Action: ["read"], Resource: ["sensitive-document/*"], Condition: { department: "finance" } } ] }; await accessControl.createPolicy({ id: conditionalPolicyId, document: conditionalPolicy }); await accessControl.attachPolicyToRole(conditionalPolicyId, viewerRoleId); const viewerFinanceContext = await accessControl.hasAccess(viewerUser.id, "read", "sensitive-document/budget", { department: "finance" }); console.log(`Viewer from finance can read sensitive document: ${viewerFinanceContext}`); const viewerHRContext = await accessControl.hasAccess(viewerUser.id, "read", "sensitive-document/budget", { department: "hr" }); console.log(`Viewer from HR can read sensitive document: ${viewerHRContext}`); console.log("Example completed successfully!"); } catch (error) { console.error("Error in example:", error); } } run(); //# sourceMappingURL=dynamodb-basic.js.map