π Simple library that supports access control models like ACL, RBAC, ABAC in Frontend Javascript.
npm i --save-exact @diaskappassov/[email protected]
You can see all usage examples in examples directory.
To understand what the model
and policy
read https://casbin.org/docs/syntax-for-models/
import { CAuthorizer } from "@diaskappassov/casbin-js";
const model = `
# Request definition
[request_definition]
# Can subject, do_action, on_object
r = sub, act, obj
# Policy definition
[policy_definition]
p = sub, act, obj
# Role definition
[role_definition]
g = _, _
# Policy effect
[policy_effect]
e = some(where (p.eft == allow))
# Matchers
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
`;
const policy = [
["p", "cat", "walk", "ground"],
["p", "cat", "run", "ground"],
["p", "cat", "swim", "water"],
["p", "cat", "breathe", "air"],
["p", "bird", "fly", "air"],
["p", "bird", "breathe", "air"],
["p", "bird", "walk", "ground"],
["p", "fish", "swim", "water"],
["p", "fish", "breathe", "water"],
];
const Authorizer = new CAuthorizer();
Authorizer.init(model, policy);
You can check permissions with can
, canAll
, canAny
methods, but before that YOU MUST INITIALIZE Authorizer
.
Important
The order of your request elements must follow the rules which you set in model
. See more: https://casbin.org/docs/syntax-for-models#request-definition
Warning
If the Authorizer
is not initialized it throws error
await Authorizer.can(["fish", "fly", "air"]); // false
await Authorizer.can(["fish", "swim", "ground"]); // false
await Authorizer.can(["fish", "swim", "water"]); // true
await Authorizer.can(["cat", "swim", "water"]); // true
await Authorizer.can(["bird", "run", "ground"]); // false
await Authorizer.can(["cat", "run", "ground"]); // true
// returns `false` cause one of conditions returned `false`
await Authorizer.canAll([
["cat", "breathe", "air"],
["fish", "breathe", "air"],
]);
// returns `true` cause all conditions returned `true`
await Authorizer.canAll([
["cat", "breathe", "air"],
["bird", "breathe", "air"],
]);
// returns `true` cause one of conditions returned `true`
await authorizer.canAny([
["cat", "breathe", "air"],
["fish", "breathe", "air"],
]);
// returns `false` cause all conditions returned `false`
await authorizer.canAny([
["cat", "fly", "air"],
["fish", "fly", "air"],
]);