carbond.security.Acl¶
Description for Acl goes here
Properties¶
- ¶
entries objectDefault []Description This defines the actual access control list for the ACL as an array of entry objects each having a user specifier and a set of permissions. Each user specifier is either of the form user: <userId>or of the formuser: {<group-name>: <value>}wheregroup-nameis one of the groups defined ingroupDefinitions. Each permission object is a mapping of a permisson (defined inpermissionDefinitions) to a permission predicate. Permission predicates are either simple boolean values or a function that takes a user object and returns a boolean value.
- ¶
groupDefinitions objectDefault {}Description This defines the set of group names that will be used in the ACL. Each entry defines a group by mapping it to a property path, as a string, or a function that takes a user and returns a value. If provided with a property path the path is evaluated against the authenticated user when checking ACL permissions. By default there always exists a group with the nameuserto allow for individual users to be specified in ACL entries.
- ¶
permissionDefinitions objectDefault {}Description This defines the set of permissions that can be used in this ACL by mapping default permission names, as strings, to default values in the form of permission predicates. Permission predicates are either simple boolean values or a function that takes a user object and returns a boolean value.
Methods¶
- ¶
and (acl) Arguments acl ( object): Lorem ipsum dolor sit ametReturns booleanDescriptions Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolo re magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Du is a ute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cu pidatat non proi dent, sunt in culpa qui officia deserunt mollit anim id est laborum.
- ¶
hasPermission (user, permission, env) Arguments user ( string): Lorem ipsum dolor sit amet
permission (string): Lorem ipsum dolor sit amet
env (object): Lorem ipsum dolor sit ametReturns booleanDescriptions Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolo re magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Du is a ute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cu pidatat non proi dent, sunt in culpa qui officia deserunt mollit anim id est laborum.
- ¶
or (acl) Arguments acl ( object): Lorem ipsum dolor sit ametReturns booleanDescriptions Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolo re magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Du is a ute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cu pidatat non proi dent, sunt in culpa qui officia deserunt mollit anim id est laborum.
{
permissionDefinitions: { // map of permissions to defaults boolean values
<string>: <permission-predicate>(boolean | function)
},
groupDefinitions: {
<string>: <string> // map of group names to property paths (or function(user) --> value )
},
entries: [ // actual ACL entries
{
user: <user-spec> {
permissions: {
<permission>: <function> | <boolean>
}
}
]
}
Example
{
permissionDefinitions: { // This ACL has two permissions, read and write
read: false,
write: false
},
groupDefinitions: { // This ACL defines three groups, role, title, and region
role: 'role',
title: function(user) { return user.title; },
region: 'address.zip'
},
entries: [
{
user: { role: "Admin" },
permissions: {
"*": true
}
},
{
user: { title: "CFO" },
permissions: {
read: true,
write: true
}
},
{
user: 1234,
permissions: {
read: true,
write: false
}
}
]
}