A JavaScript ACL
MIT License
The Guard.js is a simple super-tiny (< 50 LoC in CoffeeScript) yet powerful ACL library for JavaScript with no external dependencies at all. It's heavily inspired in Declarative Authorization for Ruby.
It's in a super-alpha state, so any contributions/suggestions/comments are more than welcome. It's all about making it better!.. :)
In short, it allows you to tell which user can access which resource, in JavaScript.
Include the-guard.js and its dependencies:
Then you need to provide some rules. Here's an example of how your rules may look like:
// Define your rules
var rules = {
guest: {
users: {
create: true
}
},
user: {
users: {
create: true,
read: function(user, the_guard) {
if (user == null) {
return false;
}
return the_guard.current_user.id === user.id;
},
update: function(user, the_guard) {
if (user == null) {
return false;
}
return the_guard.current_user.id === user.id;
}
}
},
admin: {
users: {
create: true,
read: true,
update: true,
"delete": true
},
another_resource: {
create: true,
read: true,
update: true,
"delete": true
}
}
};
// Make sure we have a user...
var user = new User(2, ["user"]);
// Create a guard
var the_guard = new TheGuard(rules);
the_guard.current_user = user;
// Ask for something! ;)
the_guard.can('read', 'users', user)
Great! :) Just clone the repo, make your own branch and make a pull-request!.. All changes are welcome. :)