{"id":21311964,"url":"https://github.com/vhidvz/abacl","last_synced_at":"2025-04-09T19:17:05.926Z","repository":{"id":37071672,"uuid":"489397994","full_name":"vhidvz/abacl","owner":"vhidvz","description":"Attribute Based Access Control Library","archived":false,"fork":false,"pushed_at":"2025-04-09T05:13:15.000Z","size":1714,"stargazers_count":37,"open_issues_count":12,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-09T19:17:00.785Z","etag":null,"topics":["abac","access-control","acl","attribute-based","attribute-based-access-control","authorization","permissions"],"latest_commit_sha":null,"homepage":"https://vhidvz.github.io/abacl/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vhidvz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-06T15:06:35.000Z","updated_at":"2025-04-09T05:11:11.000Z","dependencies_parsed_at":"2023-10-03T01:17:46.484Z","dependency_job_id":"334d8842-17f0-4ddc-a794-fec90471dcd0","html_url":"https://github.com/vhidvz/abacl","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.2885572139303483,"last_synced_commit":"5fa3eaca7c8ba451d2b734be4010371da7a45773"},"previous_names":[],"tags_count":78,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vhidvz%2Fabacl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vhidvz%2Fabacl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vhidvz%2Fabacl/rele
ases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vhidvz%2Fabacl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vhidvz","download_url":"https://codeload.github.com/vhidvz/abacl/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248094988,"owners_count":21046770,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","access-control","acl","attribute-based","attribute-based-access-control","authorization","permissions"],"created_at":"2024-11-21T17:22:49.014Z","updated_at":"2025-04-09T19:17:05.875Z","avatar_url":"https://github.com/vhidvz.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Attribute-Based Access Control Library\n\n[![npm](https://img.shields.io/npm/v/abacl)](https://www.npmjs.com/package/abacl)\n[![Coverage](https://raw.githubusercontent.com/vhidvz/abacl/master/coverage-badge.svg)](https://htmlpreview.github.io/?https://github.com/vhidvz/abacl/blob/master/docs/coverage/lcov-report/index.html)\n![npm](https://img.shields.io/npm/dm/abacl)\n[![GitHub](https://img.shields.io/github/license/vhidvz/abacl?style=flat)](https://vhidvz.github.io/abacl/)\n[![Gitter](https://badges.gitter.im/npm-abacl/community.svg)](https://gitter.im/npm-abacl/community?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge)\n[![documentation](https://img.shields.io/badge/documentation-click_to_read-c27cf4)](https://vhidvz.github.io/abacl/)\n[![Build, Test and 
Publish](https://github.com/vhidvz/abacl/actions/workflows/npm-ci.yml/badge.svg)](https://github.com/vhidvz/abacl/actions/workflows/npm-ci.yml)\n\nThe Attribute-Based Access-Control Library lets you define five `can` access abilities:\n\n- Who can? The answer is `subject` - like RBAC, a user can have multiple subjects.\n- How can it? The answer is `action` - you can define `any` actions you want (scoped).\n- What can? The answer is `object` - you can define `all` objects you want (scoped).\n- Where can? The answer is `location` - with IP and CIDR you can find the location of users.\n- When can it? The answer is `time` - object availability defined with a cron expression and a duration.\n\n## ABAC vs RBAC?\n\n| **Question**       | **RBAC**                          | **ABAC**                                    |\n| ------------------ | --------------------------------- | ------------------------------------------- |\n| Who can access?    | :white_check_mark:                | :heavy_check_mark: With more options        |\n| How can operate?   | :white_check_mark: CRUD           | :heavy_check_mark: With more options        |\n| What resource?     | :white_check_mark: Not Bad At All | :heavy_check_mark: More control on resource |\n| Where user can do? | :x:                               | :heavy_check_mark: Supported by IP and CIDR |\n| When user can do?  | :x:                               | :heavy_check_mark: Supported by CRON        |\n| Best structure?    | Monolithic Apps                   | PWA, RESTful, GraphQL                       |\n| Suitable for?      
| Small and medium projects         | Medium and large projects                   |\n\n### What's Scope?\n\n- look at carefully; scan.\n- assess or investigate something.\n\nIn this library, we scoped `action`, `object` and `subject`, which means you can have more control over these attributes.\n\n**Note:** if you want more control over the scoped attributes, send at most the first three characters of `subject`, `action`, or `object`; for example, `so` or `sub|obj` means `subject` and `object` are in `strict` mode.\n\n## Quick Start Guide\n\n### Installation\n\n```sh\nnpm install --save abacl\n```\n\n### Usage and Dangling\n\nDefine your user policies as a JSON array (so you can store it in your database):\n\n```ts\nimport { Policy } from 'abacl';\n\nenum Role {\n  Admin = 'admin',\n  User = 'user',\n  Guest = 'guest',\n  Manager = 'manager',\n}\n\nconst policies: Policy\u003cRole\u003e[] = [\n  {\n    subject: Role.Admin,\n    action: 'any',\n    object: 'all',\n  },\n  {\n    subject: Role.Guest,\n    action: 'read',\n    object: 'article:published',\n  },\n  {\n    subject: Role.Guest,\n    action: 'create:own',\n    object: 'article:published',\n  },\n  {\n    subject: Role.Manager,\n    action: 'any',\n    object: 'article',\n  },\n  {\n    subject: Role.User,\n    action: 'create:own',\n    object: 'article',\n    field: ['*', '!owner'],\n    location: ['192.168.2.10', '192.168.1.0/24'],\n    time: [\n      {\n        cron_exp: '* * 7 * * *', // from 7 AM\n        duration: 9 * 60 * 60, // for 9 hours\n      },\n    ],\n  },\n  {\n    subject: Role.User,\n    action: 'read:own',\n    object: 'article',\n  },\n  {\n    subject: Role.User,\n    action: 'read:shared',\n    object: 'article',\n    filter: ['*', '!owner'],\n  },\n  {\n    subject: Role.User,\n    action: 'delete:own',\n    object: 'article',\n  },\n  {\n    subject: Role.User,\n    action: 'update:own',\n    object: 'article',\n    field: ['*', '!id', '!owner'],\n  },\n];\n```\n\nArticle and 
User definition objects:\n\n```ts\nconst user = {\n  id: 1,\n  subject: Role.User,\n  ip: '192.168.1.100',\n};\n\nconst article = {\n  id: 1,\n  owner: 'user1',\n  title: 'title',\n  content: 'content',\n};\n```\n\nCreate a new access control object, then get the permission grants:\n\n```ts\nimport AccessControl from 'abacl';\n\n// The `strict` `AccessControlOption` controls the scoped functionality.\n// The default strict value is true; you can change it on the `can` method.\n\nconst ac = new AccessControl(policies, { strict: false });\nconst permission = await ac.can([user.subject], 'read', 'article');\n\n// Change strict mode dynamically, for example:\n// const strictPermission = await ac.can([user.subject], 'read', 'article', { strict: true });\n\n/**\n *   it('should change strict mode dynamically', async () =\u003e {\n *     const ac = new AccessControl(policies, { strict: true });\n *\n *     expect((await ac.can([Role.User], 'read', 'article:published')).granted).toBeFalsy();\n *\n *     // After changing strict mode\n *     expect((await ac.can([Role.User], 'read', 'article:published', { strict: false })).granted).toBeTruthy();\n *   });\n *\n * */\n\nif (permission.granted) {\n  // default scope for action and object is `any` and `all`\n\n  if (permission.has({ action: 'read:own' })) {\n    // user can read owned article objects\n  }\n\n  if (permission.has({ action: 'read:shared' })) {\n    // user can access shared article objects\n  }\n\n  if (permission.has({ object: 'article:published' })) {\n    // user can access published article objects\n  }\n\n  // do something ...\n\n  // return filtered data based on the permission\n  const response = await permission.filter(article);\n}\n```\n\nTime and location access check example:\n\n```ts\nimport { AccessControl, Permission } from 'abacl';\n\n// default `strict` value is true\nconst ac = new AccessControl(policies, { strict: true });\n\nconst permission = await ac.can([user.subject], 'create', 'article', {\n  callable: (perm: 
Permission) =\u003e {\n    return perm.location(user.ip) \u0026\u0026 perm.time();\n  },\n});\n\nif (permission.granted) {\n  const inputData = await permission.field(article);\n\n  // `inputData` has no `owner` property\n  // do something and then return results to the user\n}\n```\n\n## Related Project\n\n- [abacl-redis](https://www.npmjs.com/package/abacl-redis) Redis storage driver.\n\n## Thanks a lot\n\n[accesscontrol](https://www.npmjs.com/package/accesscontrol) - Role and Attribute based Access Control for Node.js\n\n[CASL](https://casl.js.org/) is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access.\n\n## License\n\n[MIT](https://github.com/vhidvz/abacl/blob/master/LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvhidvz%2Fabacl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvhidvz%2Fabacl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvhidvz%2Fabacl/lists"}