Defining Authorizations
Table of contents
Usage
const imperium = require('imperium')
Roles
Define the different roles of your applications.
Use imperium.role('...', (ctx) => {})
to create a role.
The function will be used to determine if your user has the role (it can be asynchronous
by returning a Promise
).
This function needs to return:
- a
boolean
(true
if user has the corresponding role, otherwisefalse
) - an
object
to compare against route actions - an
array
of objects, in this case at least one needs to match
imperium.role('admin', async ({ session }) => {
return session.role === 'admin'
})
imperium.role('user', async ({ session }) => {
return { user: session.user.id }
})
imperium.role('author', async ({ session }) => {
// Fetch posts from DB which belongs to current session
const posts = await Posts.find({ author_id: session.user.id })
// Returns an array of posts
return posts.map((post) => ({ post: post.id }))
})
When returning an object
or an array
, the keys will be compared against user actions params.
Actions
Use imperium.role('...')
to get a role, and use can
or is
methods to give actions or inherit from another role.
can(actionName, [params])
Define a user action with its params to match against.
imperium.role('user')
.can('seeUser', { user: '@' })
.can('manageUser', { user: '@' }) // '@' means itself
is(roleName, [params])
Inherit role's actions and overwrite its params.
imperium.role('admin')
.is('user', { user: '*' }) // '*' means all, so admin can see and manage all users
Once your ACLs are defined, you can learn how to protect your routes here.