v1.0.0

kidtronnix · Sep 16, 2014 · 6513d48 · 6513d48
1 parent da1214a
commit 6513d48
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 6 deletions.
diff --git a/Makefile b/Makefile
@@ -3,7 +3,7 @@ test:
 test-cov:
 	@node node_modules/lab/bin/lab -t 100
 test-lcov:
-	@node node_modules/lab/bin/lab -t 90 -r lcov | ./node_modules/coveralls/bin/coveralls.js
+	@node node_modules/lab/bin/lab -t 100 -r lcov | ./node_modules/coveralls/bin/coveralls.js
 test-cov-html:
 	@node node_modules/lab/bin/lab -r html -o coverage.html
 .PHONY: test test-cov test-cov-html
diff --git a/README.md b/README.md
@@ -22,8 +22,8 @@ The below is intended to be added into a hapi plugin. In our example case, we wi
 Configure toothache with desired behaviour... 
 
 ```js
+// User model
 var CRUD = {
-
     db: db,                 // MongoDB connection
     collection: 'users',    // MongoDB connection
     // Create options
@@ -36,7 +36,9 @@ var CRUD = {
         }),                 // Valid create payload 
         defaults: {         // Default values that will be added at doc creation
             access: 'normal',
-            activated: false
+            activated: false,
+            uId: true       // Field used for access control. This is a special field that when set to true will default to user's id 
+                            // The value comes from, 'request.auth.artifacts.id' ie the id the user authenticates with
         },
         access: "admin"     // Sets which role can create 
     },
@@ -109,7 +111,6 @@ plugin.route({
     }
 });
 
-
 // Update, must use 'id' parameter to refer to mongo's '_id' field
 plugin.route({
     method: 'PUT', path: '/api/user/{id}',
@@ -127,4 +128,29 @@ plugin.route({
 });
 ```
 
+### Access Control
+
+Access control is only added if a route is authenticated. An `access` field must be added to user's credentials at authentication. For example:
+
+```js
+getCredentialsFunc: function (id, callback) {
+    // Core creds
+    var credentials = {
+        user1: {
+            key: 'pass1',
+            access: 'admin',
+            algorithm: 'sha256'
+        },
+        user2: {
+            key: 'pass2',
+            access: 'normal',
+            algorithm: 'sha256'
+        }
+    }
+    return callback(null, credentials[id]);
+}
+```
+
+ - Admin users get access to all resources, they can create, read, update and delete.
+ - Normal users only have access to their own resources, they can only CRUD documents that have a `uId` equal to user's authenitcation id (`request.auth.artifacts.id`)
 
diff --git a/package.json b/package.json
@@ -1,10 +1,10 @@
 {
   "name": "toothache",
-  "version": "0.1.3",
+  "version": "1.0.0",
   "description": "Hapi plugin that removes the toothache from creating CRUD endpoints for MongoDB.",
   "main": "index.js",
   "scripts": {
-    "test": "make test-cov-html"
+    "test": "make test-lcov"
   },
   "repository": {
     "type": "git",