groupcore-utils 2.0.0 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +13 -0
- package/package.json +1 -1
- package/rbac/index.js +32 -0
package/README.md
CHANGED
|
@@ -324,6 +324,19 @@ Initialize db with this and pass the object to the CRUD class constructor
|
|
|
324
324
|
*/
|
|
325
325
|
```
|
|
326
326
|
|
|
327
|
+
### RBAC
|
|
328
|
+
```
|
|
329
|
+
require('@groupcollab/core-utils/rbac')
|
|
330
|
+
|
|
331
|
+
/**
|
|
332
|
+
* @method validateAction()
|
|
333
|
+
* @description validate the action to be carried out
|
|
334
|
+
* @param {number} id - the main id
|
|
335
|
+
* @param {number} compareId - id to be compared
|
|
336
|
+
* @returns {Promise<void>}
|
|
337
|
+
*/
|
|
338
|
+
```
|
|
339
|
+
|
|
327
340
|
### Testing
|
|
328
341
|
```
|
|
329
342
|
npm run test
|
package/package.json
CHANGED
package/rbac/index.js
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
const EasyRbac = require('easy-rbac');
|
|
2
|
+
|
|
3
|
+
module.exports = class {
|
|
4
|
+
/**
|
|
5
|
+
* @method validateAction()
|
|
6
|
+
* @description validate the action to be carried out
|
|
7
|
+
* @param {number} id - the main id
|
|
8
|
+
* @param {number} compareId - id to be compared
|
|
9
|
+
* @returns {Promise<void>}
|
|
10
|
+
*/
|
|
11
|
+
async validateAction({ id, compareId }) {
|
|
12
|
+
const rbac = new EasyRbac({
|
|
13
|
+
user: {
|
|
14
|
+
can: [
|
|
15
|
+
{
|
|
16
|
+
name: 'do',
|
|
17
|
+
when: async (params) => params.id === params.compareId,
|
|
18
|
+
},
|
|
19
|
+
],
|
|
20
|
+
},
|
|
21
|
+
});
|
|
22
|
+
|
|
23
|
+
const response = await rbac.can('user', 'do', {
|
|
24
|
+
id,
|
|
25
|
+
compareId,
|
|
26
|
+
});
|
|
27
|
+
|
|
28
|
+
if (!response) {
|
|
29
|
+
throw new Error('User not authorized to perform this action!');
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
};
|