https://github.com/joris-gallot/grantify
Lightweight framework-agnostic RBAC and permission management toolkit
access-control acl auth authorization permissions rbac roles security
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/joris-gallot/grantify
- Owner: joris-gallot
- License: mit
- Created: 2025-11-02T20:18:20.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2025-11-02T20:40:43.000Z (8 months ago)
- Last Synced: 2025-11-02T22:14:10.147Z (8 months ago)
- Topics: access-control, acl, auth, authorization, permissions, rbac, roles, security
- Language: JavaScript
- Homepage:
- Size: 67.4 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Grantify
Grantify is a lightweight, framework-agnostic access-control toolkit. It provides a simple and fully typed API for managing permissions.
## Usage
```typescript
import { createGrantify } from '@grantify/core'

const { defineRule } = createGrantify({
  permissions: ['post:create', 'post:edit', 'post:delete'] as const,
  user: { id: 1, isAdmin: false },
})

const grantify = defineRule('post:create', user => user.id === 1)
  .defineRule('post:edit', (user, ctx: { isOwner: boolean } | undefined) =>
    Boolean(user.isAdmin || ctx?.isOwner)
  )
  .defineRule('post:delete', async () => await Promise.resolve(true))
  .build()

const canEdit = grantify.can('post:edit', { id: 2, isAdmin: false }, { isOwner: true })
// Returns: true

const canDelete = await grantify.can('post:delete')
// Returns: true (async rule)
```
## API
### `can(permission, user?, context?)`
Check if a user has permission to perform an action.
**Parameters:**
- `permission` (required): The permission string to check (must be one of the defined permissions)
- `user` (optional): The user object to check permissions for. If omitted, the default user provided in `createGrantify()` is used.
- `context` (optional): Additional context data required by the rule. Its type is inferred from the rule definition.
**Returns:**
- `boolean` for synchronous rules
- `Promise` for asynchronous rules
**Examples:**
```typescript
// Check with default user (no additional parameters)
grantify.can('post:create')
// Check with custom user
grantify.can('post:create', { id: 2, isAdmin: true })
// Check with custom user and context
grantify.can('post:edit', { id: 3, isAdmin: false }, { isOwner: true })
// Async rules return a Promise
await grantify.can('post:delete')
```
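Because `can()` returns a `boolean` for synchronous rules and a `Promise` for asynchronous ones, a caller that tests the raw return value without `await` sees a truthy object even when the rule denies. The following is an added example, not part of the Grantify README or code base: `Decision`, `naiveCheck`, `isAllowed` and the stand-in rule functions are hypothetical names that only model the two documented return shapes.

```typescript
// Added example. All names below are hypothetical; nothing here is Grantify's own code.
// `Decision` models the two return shapes documented for `can()`.
type Decision = boolean | Promise<boolean>

// Constructed stand-ins for permission checks (not real Grantify rules).
const syncDeny = (): Decision => false
const asyncDeny = (): Decision => Promise.resolve(false)
const asyncAllow = (): Decision => Promise.resolve(true)
const asyncThrows = (): Decision =>
  Promise.reject(new Error('policy lookup failed'))

// What an un-awaited check amounts to: the truthiness of the raw return value.
// A Promise is an object, so this yields true even when the rule resolves to false.
function naiveCheck(decision: Decision): boolean {
  return Boolean(decision)
}

// Deny-by-default normalizer for call sites such as route guards:
// - awaits either shape, so sync and async rules are handled the same way
// - allows only on a strict `true`
// - treats a throwing or rejecting rule as a denial instead of letting it propagate
async function isAllowed(check: () => Decision): Promise<boolean> {
  try {
    const value = await check()
    return value === true
  } catch {
    return false
  }
}

// Runs every stand-in through both paths so the difference is visible side by side.
async function compare(): Promise<{ name: string; naive: boolean; safe: boolean }[]> {
  const cases: [string, () => Decision][] = [
    ['syncDeny', syncDeny],
    ['asyncDeny', asyncDeny],
    ['asyncAllow', asyncAllow],
  ]
  const rows: { name: string; naive: boolean; safe: boolean }[] = []
  for (const [name, check] of cases) {
    rows.push({ name, naive: naiveCheck(check()), safe: await isAllowed(check) })
  }
  return rows
}
```

With the real library, the same pattern would wrap the call as `isAllowed(() => grantify.can('post:delete'))`, assuming the `grantify` instance built in the Usage section.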
## License
MIT