https://github.com/kaltsoon/mongoose-ability

Mongoose plugin for managing users' abilities
https://github.com/kaltsoon/mongoose-ability

Last synced: 14 days ago
JSON representation

Mongoose plugin for managing users' abilities

• Host: GitHub
• URL: https://github.com/kaltsoon/mongoose-ability
• Owner: Kaltsoon
• License: mit
• Created: 2016-12-22T13:01:36.000Z (almost 8 years ago)
• Default Branch: master
• Last Pushed: 2016-12-22T14:18:03.000Z (almost 8 years ago)
• Last Synced: 2024-09-19T12:22:28.335Z (about 2 months ago)
• Language: JavaScript
• Size: 3.91 KB
• Stars: 0
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# mongoose-ability

Mongoose plugin for managing users' abilities.

[![Build Status](https://travis-ci.org/Kaltsoon/mongoose-ability.svg?branch=master)](https://travis-ci.org/Kaltsoon/mongoose-ability)

# How to install

```

npm install mongoose-ability

```

# How to use

1. Hook the plugin to a schema:

```javascript

// user.js

const Promise = require('bluebird');

const { Schema, model } = require('mongoose');

const abilityPlugin = require('mongoose-ability');

const schema = new Schema({

  name: String

});

schema.plugins(abilityPlugin, {

  name: 'removeUser',

  verifier(user) {

    if(!user) {

      return Promise.resolve(true);

    }

    return Promise.resolve(this.equals(user));

  },

  error: new Error('Removing the user is forbidden by the user') // Define a custom error (optional)

});

```

`verifier` and `name` are required options for the plugin. `name` defines names of the methods generated by the plugin which are in format `canActionName` and `canActionNameOrError`. In example's case generated methods are `canRemoveUser` and `canRemoveUserOrError`. `verifier` is a function which verifies the ability by returning a promise which returns either `true` (action is permitted) or `false` (action is forbidden). `verifier` gets the same arguments as `canActionName` and `canActionNameOrError` methods. `error` is optional error parameter which will be rejected when using `canActionNameOrError` and action is forbidden.

2. Validate abilities (Express example):

```javascript

  const User = require('./user');

  app.delete('/users/:userId',

    authorize(),

    (req, res, next) => {

      let targetUser;

      User.findById(req.params.userId)

        .then(user => {

          if(!user) {

            return next(new Error(`Couldn't find user by id "${req.params.userId}"`));

          }

          targetUser = user;

          return req.user.canRemoveUserOrError(user); // rejects if verifier returns false

        })

        .then(() => targetUser.remove())

        .then(() => res.sendStatus(200))

        .catch(next);

    });

```

# Running tests

```

npm test

```