Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kuzzleio/kuzzle-plugin-sample-custom-policies

Example of advanced permission management with a Kuzzle plugin
https://github.com/kuzzleio/kuzzle-plugin-sample-custom-policies

kuzzle kuzzle-plugin

Last synced: about 2 months ago
JSON representation

Example of advanced permission management with a Kuzzle plugin

Host: GitHub
URL: https://github.com/kuzzleio/kuzzle-plugin-sample-custom-policies
Owner: kuzzleio
License: apache-2.0
Archived: true
Created: 2018-03-30T13:06:31.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2018-08-22T17:15:12.000Z (about 6 years ago)
Last Synced: 2024-06-23T13:31:41.057Z (3 months ago)
Topics: kuzzle, kuzzle-plugin
Language: JavaScript
Homepage:
Size: 11.7 KB
Stars: 1
Watchers: 12
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Sample "custom policies" plugin for Kuzzle

This plugin demonstrates how we can use custom code to manage custom permissions.

## How it works

Let's assume that we have an application in which we do not want to allow non-admin users to view, update or delete other user's items.

### Update/delete queries

Run [assertCanUpdate](lib/index.js#L38) **before** the request:
* fetch the document we want to update or delete, to check its metadata
* allow the request if the author of the document is current user
* deny the request otherwise

### search/count queries

Run [addQueryFilter](lib/index.js#L81) **before** the request:
* inject a filter to the elasticsearch query to filter document owned by current user.

### get query

Run [assertCanRead](lib/index.js#L121) **after** the request:
* check the metadata of the document given by the request's response
* allow the request and send back the response if the author of the document is current user
* deny the request and send back an `ForbiddenError` response otherwise

### mget query

Run [filterMgetResult](lib/index.js#L141) **after** the request:
* iterate through the response results
* keep only the documents which author is current user.

## Install

Clone this repository locally and make it accessible from the `plugins/enabled` directory relative to the Kuzzle installation directory. A common practice is to put the code of the plugin in `plugins/available` and create a symbolic link to it in `plugins/enabled`.

**Note.** If you are running Kuzzle within a Docker container, you will need to mount the local plugin installation directory as a volume in the container.

Please refer to the Guide for further instructions on [how to install Kuzzle plugins](https://docs.kuzzle.io/guide/essentials/plugins/#how-to-install-plugin).