{"id":17676356,"url":"https://github.com/stylet/angularjs-acl","last_synced_at":"2025-05-12T22:10:02.886Z","repository":{"id":57179889,"uuid":"41961653","full_name":"StyleT/angularjs-acl","owner":"StyleT","description":"Provides a lightweight and flexible ACL implementation for privileges management in AngularJS","archived":false,"fork":false,"pushed_at":"2016-05-31T16:13:31.000Z","size":43,"stargazers_count":12,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-09T19:19:42.834Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/StyleT.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-09-05T13:20:43.000Z","updated_at":"2022-04-19T09:31:51.000Z","dependencies_parsed_at":"2022-09-14T03:20:55.265Z","dependency_job_id":null,"html_url":"https://github.com/StyleT/angularjs-acl","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StyleT%2Fangularjs-acl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StyleT%2Fangularjs-acl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StyleT%2Fangularjs-acl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StyleT%2Fangularjs-acl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/StyleT","download_url":"https://codeload.github.com/StyleT/angularjs-acl/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249942425,"owners_count":21349019,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-24T07:25:20.632Z","updated_at":"2025-04-20T18:32:58.122Z","avatar_url":"https://github.com/StyleT.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Angular ACL\n\n[![Build Status](https://travis-ci.org/StyleT/angularjs-acl.svg?branch=master)](https://travis-ci.org/StyleT/angularjs-acl)\n[![License](https://img.shields.io/badge/license-BSD--3--Clause-blue.svg)](https://github.com/StyleT/angularjs-acl/blob/master/LICENSE)\n\n---\n\n## About\nAngular ACL _(Access Control List)_ is a service that allows you to protect/show content based on the current user's assigned role(s),\nand those role(s) permissions (abilities).\n\nFor the purposes of this documentation:\n- a **resource** is an object to which access is controlled.\n- a **role** is an object that may request access to a Resource.\n\nPut simply, **roles request access to resources**. For example, if a parking attendant requests access to a car,\nthen the parking attendant is the requesting role, and the car is the resource, since access to the car may not be granted to everyone.\n\nThrough the specification and use of an ACL, an application may control how roles are granted access to resources.\n\n## Quick Examples\nFirst you need to install this library :) It's available via bower or npm:\n- `npm install --save angularjs-acl`\n- `bower install --save angularjs-acl`\nand add a `\u003cscript\u003e` to your `index.html`:\n```html\n\u003c!-- For bower --\u003e\n\u003cscript src=\"/bower_components/angularjs-acl/dist/acl.js\"\u003e\u003c/script\u003e\n\n\u003c!-- For npm --\u003e\n\u003cscript src=\"/node_modules/angularjs-acl/dist/acl.js\"\u003e\u003c/script\u003e\n```\n\n#### Set Data\nAdd `ng-acl` to your app module's dependencies \u0026 setup the `AclService` in `run()` block.\n```js\nangular.module('myApp', ['ng-acl']);\n\napp.run(['AclService', function (AclService) {\n    //All these actions you also can do in the middle of app execution\n    AclService.addRole('guest');\n    AclService.addRole('user', 'guest');\n    AclService.addRole('admin', 'user');\n\n    AclService.addResource('Post');\n    AclService.addResource('Users');\n    AclService.addResource('AdminPanel');\n\n    AclService.allow('guest', 'Post', 'view');\n\n    //Users can edit edit their own posts \u0026 view it because user inherits all guest permissions\n    AclService.allow('user', 'Post', 'edit', function (role, resource, privilege) {\n        return resource.authorId === role.id;\n    });\n\n    //Full access to all actions that available for Post\n    AclService.allow('admin', 'Post');\n    AclService.allow('admin', 'AdminPanel');\n\n    //Let's assume that you have some user object that implements AclRoleInterface. This is optional feature.\n    var user = {\n        id: 1,\n        name: 'Duck',\n        getRoles: function () {\n            return ['user'];\n        },\n    };\n    AclService.setUserIdentity(user);\n}]);\n```\n\n#### Protect a route\n\nIf the current user tries to go to the `/admin_panel` route, they will be redirected because the current user is a `user`, and `AdminPanel` is not one of a member role's abilities.\n\nHowever, when the user goes to `/posts/2`, route will work as normal, since the user has permission.\n\n```js\napp.config(['$routeProvider', function ($routeProvider) {\n  $routeProvider\n    .when('/admin_panel', {\n      resolve : {\n        'acl' : ['$q', 'AclService', function($q, AclService){\n          if(AclService.can('AdminPanel')){\n            // Has proper permissions\n            return true;\n          } else {\n            // Does not have permission\n            return $q.reject('Unauthorized');\n          }\n        }]\n      }\n    });\n    .when('/posts/:id', {\n      resolve : {\n        'acl' : ['$q', 'AclService', function($q, AclService){\n          if (AclService.can('Post', 'view')) {\n            return true;\n          } else {\n            return $q.reject('Unauthorized');\n          }\n        }]\n      }\n    });\n}]);\n\napp.run(['$rootScope', '$location', function ($rootScope, $location) {\n  // If the route change failed due to our \"Unauthorized\" error, redirect them\n  $rootScope.$on('$routeChangeError', function(current, previous, rejection){\n    if(rejection === 'Unauthorized'){\n      $location.path('/');\n    }\n  })\n}]);\n```\n\n#### Manipulate a Template\n\nThe edit link in the template below will be shown, because the current user is a `user`, and `Post` which was created by our user is one of a his role's abilities.\n\n###### Controller\n\n```js\napp.controller('DemoCtrl', ['$scope', 'AclService', function ($scope, AclService) {\n    $scope.can = AclService.can;\n    $scope.post = {\n        id: 1,\n        authorId: 1,\n        name: 'Demo post',\n        getResourceId: function () { //AclResourceInterface implementation\n            return 'Post';\n        }\n    };\n}]);\n```\n\n###### Template\n\n```html\n\u003ch1\u003e{{ post.name }}\u003c/h1\u003e\n\u003ca ng-href=\"posts/{{ post.id }}/edit\" ng-show=\"can(post, 'edit')\"\u003eEdit\u003c/a\u003e\n```\n\n## How secure is this?\n\nA great analogy to ACL's in JavaScript would be form validation in JavaScript.  Just like form validation, ACL's in the\nbrowser can be tampered with. However, just like form validation, ACL's are really useful and provide a better experience\nfor the user and the developer. Just remember, **any sensitive data or actions should require a server (or similar) as the final authority**.\n\n#### Example Tampering Scenario\n\nThe current user has a role of \"guest\".  A guest is not able to \"create_users\".  However, this sneaky guest is clever\nenough to tamper with the system and give themselves that privilege. So, now that guest is at the \"Create Users\" page,\nand submits the form. The form data is sent the the server and the user is greeted with an \"Access Denied: Unauthorized\"\nmessage, because the server also checked to make sure that the user had the correct permissions.\n\nAny sensitive data or actions should integrate a server check.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstylet%2Fangularjs-acl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstylet%2Fangularjs-acl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstylet%2Fangularjs-acl/lists"}