Is the user authorized to use this feature, or are they part of a group that can access this feature, or have they been explicitly denied access to the feature, or are they part of a group that's part of another group that has access to the feature, or are there any access overrides on the feature, and do they have the right to do what they want to do on the feature?
Does the user have the right to use the system resource?
Can the user create an article on the blog?
Yes or no?
Resources, Rights, Roles, Groups, & Users
if (user.authorized('blog', 'create')) { displayAdmin() }
import IAM from 'https://cdn.jsdelivr.net/.../main.min.js'
IAM.createResource({
  blog: ['create', 'read', 'update', 'delete']
})

// "everyone"
IAM.all({ blog: ['read'] })
// Privileged users
IAM.createRole('administrator', { blog: '*' })

// "everyone"
IAM.all({
  blog: ['read'],
  secret_portal: ['deny:*']
})
// Privileged users
IAM.createRole('administrator', {
  blog: '*',
  secret_portal: ['allow:read', 'allow:manage']
})

// Create some groups
IAM.createGroup('blogmasters', 'writer', 'reader')
// Assign the "administrator" role to the "blogmasters" group
IAM.getGroup('blogmasters').assign('administrator')

let user = new IAM.User()
user.name = 'John Doe' // optional
// Join the "blogmasters" group created above
user.join('blogmasters')

if (user.authorized('blog', 'create')) { displayAdmin() }
{
  "display": "superadmin (group) <-- administrator (role) <-- * (right to view)",
  "description": <See Below>,
  "governedBy": {
    "group": Group {#oid: Symbol(superadmin group),…},
    "right": Right {#oid: Symbol(allow:* right),…},
    "role": Role {#oid: Symbol(admin role), …}
  },
  "granted": true,
  "resource": Resource {#oid: Symbol(admin portal resource),…},
  "right": "view",
  "stack": (5) [Group, Group, Group, Role, Right],
  "type": "role"
}
The "view" right on the "admin portal" resource is granted by the "admin" role, which is assigned to the "subadmin" group, which is a member of the "admin" group, which the user is a member of.
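The resolution described above, modeled as an added JavaScript example (not code from the IAM library or from this deck). The data layout, the reachableRoles and authorize helpers, and the precedence of "allow:" over "deny:" over a plain grant are assumptions made for illustration.

```javascript
// Added illustration: a simplified model, not the IAM library's implementation.
// Assumed precedence: "allow:" beats "deny:", which beats a plain grant.
const roles = { // role -> resource -> rights (based on the deck's sample roles)
  everyone: { blog: ['read'], secret_portal: ['deny:*'] },
  administrator: { blog: ['*'], secret_portal: ['allow:read', 'allow:manage'] }
}
const groups = { // constructed sample: subadmin is a member of superadmin
  superadmin: { roles: ['administrator'], memberOf: [] },
  subadmin: { roles: [], memberOf: ['superadmin'] }
}

// Return [groupPath, role] pairs reachable from the user's groups, following parents.
function reachableRoles (userGroups) {
  const found = [[['(all users)'], 'everyone']]
  const walk = (name, path, seen) => {
    if (seen.has(name) || !groups[name]) return // cycle or unknown group
    seen.add(name)
    const here = [...path, name]
    groups[name].roles.forEach(r => found.push([here, r]))
    groups[name].memberOf.forEach(p => walk(p, here, seen))
  }
  userGroups.forEach(g => walk(g, [], new Set()))
  return found
}

// Decide one (resource, right) question and report which rule governed the answer.
function authorize (userGroups, resource, right) {
  const ranks = { grant: 1, deny: 2, allow: 3 }
  let best = { granted: false, rank: 0, lineage: 'no matching right' }
  for (const [path, role] of reachableRoles(userGroups)) {
    for (const entry of (roles[role][resource] || [])) {
      const [prefix, name] = entry.includes(':') ? entry.split(':') : ['grant', entry]
      if (name !== '*' && name !== right) continue
      if (ranks[prefix] > best.rank) {
        const lineage = `${path.join(' <-- ')} <-- ${role} (role) <-- ${entry}`
        best = { granted: prefix !== 'deny', rank: ranks[prefix], lineage }
      }
    }
  }
  return best
}

console.log(authorize(['subadmin'], 'secret_portal', 'read'))
```

The model denies by default: a right that no reachable role mentions is refused, and a "deny:*" inherited from everyone still blocks any right the role does not explicitly allow.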
Learn more at github.com/coreybutler/iam
@goldglovecb