An authorisation and access control library based on JSON Schema.
Using NPM
npm install canornot --save
Using Yarn
yarn add canornot
Example ABAC module based on Canornot
const Canornot = require('canornot');
const datastore = require('some-kind-of-datastore');
/**
 * Policy schema: one entry per permission name.
 *
 * Each permission is a `$ref` into the actor schema (schema id `actor`), so
 * the value supplied to a check must match the referenced actor property:
 *   - `user:get`     -> the actor's own user id
 *   - `company:edit` -> one of the actor's company ids
 *
 * Only the permissions listed here are declared by this policy.
 */
const policySchema = {
  properties: {
    'user:get': { $ref: 'actor#/properties/user_id' },
    'company:edit': { $ref: 'actor#/properties/company_ids' },
  },
};
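/**
 * Build the JSON Schema that describes the actor (the user whose permissions
 * are being checked).
 *
 * The policy schema refers to `actor#/properties/...`, so the `enum` lists
 * built here are what a permission check is compared against. The function
 * therefore fails closed: a missing user record, or a record without a
 * `company_ids` array, rejects instead of producing a schema with no `enum`.
 *
 * @param {number} user_id - Identifier handed to `datastore.fetchUserById`.
 * @returns {Promise<object>} Resolves to the actor schema; rejects with a
 *   TypeError when the user record cannot be used to build one.
 */
function getActorSchema(user_id) {
  return datastore.fetchUserById(user_id).then((user) => {
    if (user == null) {
      throw new TypeError('Cannot build actor schema: user record not found');
    }

    // A property schema left with only `type: 'number'` constrains nothing but
    // the type. A validator that ignores an undefined `enum` would then accept
    // any number, so refuse to build the schema in that case.
    if (!Array.isArray(user.company_ids)) {
      throw new TypeError('Cannot build actor schema: company_ids is not an array');
    }

    return {
      id: 'actor',
      description: 'Actor Properties',
      type: 'object',
      additionalProperties: false,
      properties: {
        // Exactly one permitted value: the actor's own id.
        user_id: {
          type: 'number',
          enum: [user.id],
        },
        // Passed through unchanged, including an empty list.
        // NOTE(review): confirm how the validator treats an empty `enum`.
        company_ids: {
          type: 'number',
          enum: user.company_ids,
        },
      },
    };
  });
}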
/**
 * Create a Canornot instance bound to one actor.
 *
 * `options.user_id` decides whose attributes every later check is evaluated
 * against, so take it from the authenticated session rather than from request
 * data the caller controls.
 *
 * @param {{user_id: number}} options - Identifies the actor.
 * @returns {Canornot} Instance built from the actor schema promise and the policy schema.
 */
module.exports = (options) => {
  // Passed as a promise; it is not awaited here.
  const actorSchema = getActorSchema(options.user_id);

  return new Canornot({ actorSchema, policySchema });
};
Example use of the above ABAC module
// Load the ABAC module built on Canornot (the listing above, saved as abac.js).
const abac = require('./abac.js');

// Bind a permission checker to a single actor, identified by user_id.
const permission = abac({ user_id: 12344 });

// Shared outcome handlers. The denied handler runs for ANY rejection in the
// chain, so an error is reported the same way as a denial. That fails closed;
// real code should also log the rejection reason.
const reportAllowed = () => console.log('Permission allowed!');
const reportDenied = () => console.log('Permission denied!');

// Allowed: the requested user id is the actor's own id.
permission
  .can('user:get', 12344)
  .then(reportAllowed)
  .catch(reportDenied);

// Denied: 99999 is not the actor's user id.
permission
  .can('user:get', 99999)
  .then(reportAllowed)
  .catch(reportDenied);
Via GitHub issue tracker
MIT (See LICENCE file)