module:api/acl
- Description:
ACL for access authorization.
Each ACL is a list of RegExps with a name.
ACLs are grouped by a role, at least one must match in order to succeed.
To define an ACL named test with endpoints and allow it for user but not intern roles:
api-acl-add-test = /url1|/url2... api-acl-allow-user = test api-acl-deny-intern = testThe user and intern roles are defined in the DbUser table, see module:api/users
- Source:
Examples
public endpoints by convention to use * as fallback, used in module:middleware/users
api-acl-add-* = ^/
api-acl-add-* = ^/auth
only admins can access /admin endpoint
api-acl-allow-admin = admins
api-acl-add-admins = ^/admin
users can access /users but not /users/billing
api-acl-allow-user = auth, users, -users_deny
api-acl-add-users = ^/user
api-acl-add-users_deny = ^/user/billing
Methods
(static) isAllowed(path, roles) → {undefined|string}
- Description:
Check the path and roles against allowed ACLs
- Source:
Parameters:
| Name | Type | Description |
|---|---|---|
path |
string | |
roles |
Array.<string> |
Returns:
| Type | Description |
|---|---|
| undefined | string |
|
Example
api.acl.isAllowed(context.path, ["admin", "billing"])
(static) isDenied(path, roles) → {undefinded|string}
- Description:
Check the path and roles against denied ACLs
- Source:
Parameters:
| Name | Type | Description |
|---|---|---|
path |
string | |
roles |
Array.<string> |
Returns:
| Type | Description |
|---|---|
| undefinded | string |
|
Example
api.acl.isDenied(context.path, ["admin", "billing"])
(static) isMatched(path, acls) → {undefined|null|string}
- Description:
Check the path agains given list of ACL names, if a name starts with
-it means negative match, the check fails immediately and returns null
- Source:
Parameters:
| Name | Type | Description |
|---|---|---|
path |
string | |
acls |
string | Array.<string> |
Returns:
| Type | Description |
|---|---|
| undefined | null | string |
|
Example
api.acl.isMatched(context.path, "*");
api.acl.isMatched(context.path, ["user", "-intern"]);
api.acl.isMatched(context.path, "admin");
(static) reset()
- Description:
Reset all acls
- Source: