Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dariocravero/the-guard.js
A JavaScript ACL
https://github.com/dariocravero/the-guard.js
Last synced: about 2 months ago
JSON representation
A JavaScript ACL
- Host: GitHub
- URL: https://github.com/dariocravero/the-guard.js
- Owner: dariocravero
- License: mit
- Created: 2011-10-15T20:50:42.000Z (almost 13 years ago)
- Default Branch: master
- Last Pushed: 2011-10-25T09:38:01.000Z (almost 13 years ago)
- Last Synced: 2024-02-17T15:33:14.447Z (7 months ago)
- Language: JavaScript
- Homepage:
- Size: 91.8 KB
- Stars: 39
- Watchers: 3
- Forks: 0
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# The Guard.js
*The Guard.js* is a simple super-tiny (< 50 LoC in CoffeeScript) yet powerful [ACL](http://en.wikipedia.org/wiki/Access_control_list) library for JavaScript with no external dependencies at all. It's heavily inspired in [Declarative Authorization](https://github.com/stffn/declarative_authorization) for Ruby.
It's in a super-alpha state, so any contributions/suggestions/comments are more than welcome. It's all about making it better!.. :)
## Why would I want this?
*In short, it allows you to tell which user can access which resource, in JavaScript.*
## How to use it?
Include the-guard.js and its dependencies:
* **An MD5 library.** [There's one](http://www.myersdaily.org/joseph/javascript/md5-text.html) in the vendor folder you can use. ~~I got it a while ago, minified it and can't remember where I took it from so if you can tell the author/src please tell me!~~ Thanks [lindsayevans](https://github.com/lindsayevans) for the tip on the author!.. :)
* **A user object.** There's a libray agnostic user object, and [Backbone](http://documentcloud.github.com/backbone) and [Spine](http://spinejs.com) sample models. All you really need is a roles method that returns an array of strings which are your roles.Then you need to provide some rules. Here's an example of how your rules may look like:
// Define your rules
var rules = {
guest: {
users: {
create: true
}
},
user: {
users: {
create: true,
read: function(user, the_guard) {
if (user == null) {
return false;
}
return the_guard.current_user.id === user.id;
},
update: function(user, the_guard) {
if (user == null) {
return false;
}
return the_guard.current_user.id === user.id;
}
}
},
admin: {
users: {
create: true,
read: true,
update: true,
"delete": true
},
another_resource: {
create: true,
read: true,
update: true,
"delete": true
}
}
};
// Make sure we have a user...
var user = new User(2, ["user"]);
// Create a guard
var the_guard = new TheGuard(rules);
the_guard.current_user = user;
// Ask for something! ;)
the_guard.can('read', 'users', user)## TODO
* Implement context evaluation on functions.
* Implement Backbone/Spine/put-your-framework-here helpers to provide out-of-the-box permission checking on any Models, Controllers/Routers and Views.
* Improve security?
* Provide a way to connect with a backend to do the permission checking instead.
* Improve the docs. Write proper examples.
* Write more tests.## Want to help?
Great! :) Just clone the repo, make your own branch and make a pull-request!.. All changes are welcome. :)