Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

A JavaScript ACL

License

NotificationsYou must be signed in to change notification settings

dariocravero/the-guard.js

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

The Guard.js is a simple super-tiny (< 50 LoC in CoffeeScript) yet powerfulACL library for JavaScript with no external dependencies at all. It's heavily inspired inDeclarative Authorization for Ruby.

It's in a super-alpha state, so any contributions/suggestions/comments are more than welcome. It's all about making it better!.. :)

Why would I want this?

In short, it allows you to tell which user can access which resource, in JavaScript.

How to use it?

Include the-guard.js and its dependencies:

  • An MD5 library.There's one in the vendor folder you can use.I got it a while ago, minified it and can't remember where I took it from so if you can tell the author/src please tell me! Thankslindsayevans for the tip on the author!.. :)
  • A user object. There's a libray agnostic user object, andBackbone andSpine sample models. All you really need is a roles method that returns an array of strings which are your roles.

Then you need to provide some rules. Here's an example of how your rules may look like:

// Define your rulesvar rules = {    guest: {      users: {        create: true      }    },    user: {      users: {        create: true,        read: function(user, the_guard) {          if (user == null) {            return false;          }          return the_guard.current_user.id === user.id;        },        update: function(user, the_guard) {          if (user == null) {            return false;          }          return the_guard.current_user.id === user.id;        }      }    },    admin: {      users: {        create: true,        read: true,        update: true,        "delete": true      },      another_resource: {        create: true,        read: true,        update: true,        "delete": true      }    }  }; // Make sure we have a user...var user = new User(2, ["user"]); // Create a guardvar the_guard = new TheGuard(rules);the_guard.current_user = user; // Ask for something! ;)the_guard.can('read', 'users', user)

TODO

  • Implement context evaluation on functions.
  • Implement Backbone/Spine/put-your-framework-here helpers to provide out-of-the-box permission checking on any Models, Controllers/Routers and Views.
  • Improve security?
  • Provide a way to connect with a backend to do the permission checking instead.
  • Improve the docs. Write proper examples.
  • Write more tests.

Want to help?

Great! :) Just clone the repo, make your own branch and make a pull-request!.. All changes are welcome. :)

About

A JavaScript ACL

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published
[8]ページ先頭
©2009-2025 Movatter.jp