Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

connect-accesscontrol

futurechan24ISC1.1.3

An access control list middleware

readme

An access control list middleware

Inspired by acl

Status

BuildStatus DependencyStatus

Installation

Using npm:

npm install connect-accesscontrol

Documentation

Examples

var Acl = require('connect-accesscontrol')
  , acl = new Acl()
;
### allow() ```javascript acl.allow([ { roles:['someRole'], allows:[ { resources:'/resource1', permissions:'get' }, { resources:'/resource2', permissions:['get', 'post', 'put'] }, { resources:'/resource3', permissions:'*' } ] } ]) ``` Permissions can be a single verb, an array of verbs. If you want to grant any action to a role, you can use '*'.

Regular expression are also supported

acl.allow([
  {
    roles:['someRole'], 
    allows:[
      { resources:'/resource1(/[0-9]+)?', permissions:['get', 'post', 'put'] },
      { resources:'/resource2(/[0-9]+)?', permissions:['get', 'post', 'put'] }
    ]
  }
])

Do not include ^ and $. Those will be added for you.

You can also omit access to the parent resource while allowing access to the subresource

acl.allow([
  {
    roles:['someOtherRole'], 
    allows:[
      {resources:'/resource/[0-9]+/subresource/[0-9]+', permissions:['get', 'post', 'put']}
    ]
  }
])
 ### check() ```javascript acl.check(roles, resource, permission) roles { String | Array } resource { String } permission { String } 

<a name="middleware"/>
### middleware()
```javascript
app.use(acl.middleware(opts));

Options

  roleProvider          { Function } /* defaults to function(req){ return req.user.roles;}             */
  resourceProvider      { Function } /* defaults to function(req){ return req.url;}                    */
  permissionProvider    { Function } /* defaults to function(req){ return req.method.toLowerCase();}   */