- Install
npm install acl-matrix
- Require it
const AclMatrix = require('acl-matrix');
const roles = ['admin', 'member', 'guest'];
const resources = ['blog', 'comment'];
const allows = ['get', 'add', 'update', 'delete'];
// Each element in matrix stores the permissions of a role to a resource.
const matrix = [
// admin member guest
[[1, 1, 1, 1], [1, 0, 1, 1], [1, 0, 0, 0]], // blog
[[1, 1, 1, 1], [1, 1, 1, 1], [1, 1, 1, 0]], // comment
];
const acl = new AclMatrix(roles, resources, allows, matrix);
// 0
acl.isAllowed('member', 'blog', 'add');
// 1
acl.isAllowed('member', 'blog', 'get');
roles
are the types of user trying to accessresources
allows
describes the oprations user will need to domatrix
describes theallows
relation betweenroles
andresources
;- third dimension of the matrix is an array of
0
and1
s, the length of array should equal toallows
's. This array describes the permissions.
For example: in the above sample code, matrix[0][2]
([1, 0, 0, 0]
) means the guest
role is able to 'get'
the 'blog'
resource, but not others.
- Row number of
matrix
should eauql toresources
length; - Collum number of
matrix
should eauql torole
length; - Element number of
matrix
should eauql toallows
length;
node_acl is good, but it acquires database to store the acls. And it is relatively hard to mantain and update acl using node_acl
.
Benefits of using acl-matrix
:
- Three dimensional matrix is the simplest way to store acl;
- Simple to config and simple for future change;
- No dependency, acl matrix can be easily shared between frontend and backend;
- Performance: no database needed, checking permissions is justing reading elemet in array
- By using node_acl you are able to save relations between
users
androles
. You will need to store the role of the user youself usingacl-matrix
- By default, permissions of each roles are fixed, which is suitable for most projects. But if you want to allow user define the acl, you will need to store multiple acl matrices
Add more method for the class maybe?