date 2018-05-20

Authorize easily.

CanCan provides a simple API for handling authorization of actions. Permissions are defined and validated using simple allow() and can() functions respectively.

CanCan is inspired by Ryan Bates' cancan.

Installation

$ npm install cancan

Usage

const CanCan = require('cancan');
const cancan = new CanCan();
const {allow, can} = cancan;
class User {}
class Product {}
// Grant: any User instance may 'view' any Product instance
allow(User, 'view', Product);
const user = new User();
const product = new Product();
can(user, 'view', product); // true, a matching rule exists
can(user, 'edit', product); // false, no rule allows 'edit'

API

Adds a new access rule.

model

Type: class (function)

Configure the rule for instances of this class.

action

Type: array|string

Name(s) of actions to allow. If the action name is manage, it allows any action.

target

Type: array|class|string

Scope this rule to the instances of this class. If the value is "all", the rule applies to all models.

condition

Type: object|function

Optional callback to apply additional checks on both target and action performers.

Examples:

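// Object condition
allow(User, 'view', Post, {public: true});
// Function condition: only the author may edit or delete a post
allow(User, ['edit', 'delete'], Post, (user, post) => post.authorId === user.id);
// 'manage' allows any action on Post
allow(Editor, 'manage', Post);
// 'manage' on 'all' allows any action on any model
allow(AdminUser, 'manage', 'all');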

Checks if the action is possible on target by instance.

instance

Type: object

Instance that wants to perform the action.

action

Type: string

Action name.

target

Type: object

Target against which the action would be performed.

options

Type: object

Additional data for the rule condition.

Examples:

const user = new User();
const post = new Post();
can(user, 'view', post);

With the use of the 'options' parameter:

const admin = new User({role: 'administrator'});
const user = new User({role: 'user'});
allow(User, 'update', User, (user, target, options) => {
  // Administrators may update any field
  if (user.role === 'administrator') {
    return true;
  }
  // Regular users may not change the 'role' field
  if (user.role === 'user' && options.fields.includes('role')) {
    return false;
  }
  return true;
});
can(admin, 'update', user, {fields: ['role']}); // true
can(user, 'update', user, {fields: ['username']}); // true
can(user, 'update', user, {fields: ['role']}); // false

Inverse of .can().

Same as .can(), but throws an error instead of returning false.
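The rule matching described in this API section, as an added sketch that is not the cancan package's source code: it shows that a check is denied unless some rule matches the performer's class, the action (or manage), the target (or "all") and the condition. MiniCan, holds, acl and the error message are hypothetical names, and matching an object condition against the target's properties is an assumption.

```javascript
// Added sketch: NOT the cancan package's source. MiniCan and holds are hypothetical.
class MiniCan {
  constructor() {
    this.rules = []; // no rules yet, so every check is denied
  }
  allow(model, actions, targets, condition) {
    for (const action of [].concat(actions)) {
      for (const target of [].concat(targets)) {
        this.rules.push({model, action, target, condition});
      }
    }
  }
  can(performer, action, target, options) {
    return this.rules.some(rule =>
      performer instanceof rule.model &&
      (rule.action === 'manage' || rule.action === action) &&
      (rule.target === 'all' ||
        (typeof rule.target === 'function' && target instanceof rule.target)) &&
      MiniCan.holds(rule.condition, performer, target, options));
  }
  cannot(...args) {
    return !this.can(...args);
  }
  authorize(...args) {
    if (this.cannot(...args)) {
      throw new Error('Not authorized'); // message text is an assumption
    }
  }
  static holds(condition, performer, target, options) {
    if (condition === undefined) return true;
    if (typeof condition === 'function') {
      // Only an explicit true grants access.
      return condition(performer, target, options || {}) === true;
    }
    // Assumption: an object condition must match the target's properties.
    return Object.keys(condition).every(key => target[key] === condition[key]);
  }
}

// Constructed sample data: only administrators may touch the 'role' field.
class User {
  constructor(attrs) { Object.assign(this, attrs); }
}
const acl = new MiniCan();
acl.allow(User, 'update', User, (user, target, options) =>
  user.role === 'administrator' || !(options.fields || []).includes('role'));
const admin = new User({role: 'administrator'});
const member = new User({role: 'user'});
console.log(acl.can(member, 'update', member, {fields: ['role']})); // false
```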

License

MIT © Vadim Demedes