Role.js

Role allows you to manage user's access depending on his current roles and abilities map

Installation

Using Bower bower install role or just copy role.js

Usage

// Defining current user role ("guest" by default)
Role.current = "admin";

// or
Role.current = ["user", "moderator"];

// or
var CurrentUser = require('my-current-user-instance');
Role.current = function() {
  return CurrentUser.roles;
}

// Defining roles with entity->action mapping
Role.define("user", {
  books: {
    read: true,
    update: function(book) {
      return book && book.authorId === CurrentUser.id
    }
  }
});

// Inheriting existing models
Role.define("admin", "user", {
  books: {
    update: true
  }
});

// After that you're able to use "can" helper to check if current user's role is allowed to
// perform actions on passed entities.
// E.g. somewhere in code:

if (Role.can("read", "books")) {
  ...
}

// or

var book = books.get(1);

if (Role.can("update", "books", book)) {
  ...
}

// or somewhere in Backbone.Router or whatever router that has 'before' filter

... 
before: {
  'books/new': function() {
    if (!Role.can("create", "books")) {
      this.navigate("/home");
      return false;
    }
  }
}
...

Using roles in templates

Handlebars

Handlebars.registerHelper('can', function() {
  var abilityArgs = _.initial(arguments),
    able = Role.can.apply(null, abilityArgs),
    options = _.last(arguments);

  return able ? options.fn(this) : options.inverse(this);
});

after that you can have following in templates:

{{#can 'create' 'books'}}
  <a href="#/books/new">Add book</a>
{{else}}  
  <a href="#/access/request">Request access to add new books</a>
{{/can}}

Running tests

You can use karma runner via

npm install && grunt test