reaccess
For The Mean
Useful to
- manage users access to your APIs
- adapt user interfaces to their access level
Principle
User access rights based on the REST API endpoints
Rights are simply defined by a URI pattern:
/users/:user_id/notifications\?(.*)
And a set of methods:
HEAD, OPTIONS, GET, PUT, POST, DELETE
URI patterns are templated
You can refer to deep object properties:
/places/:user.home.id/
Wildcards let a pattern match several values. In this case, access is granted for each matched value:
/places/:user.places.*.id
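How templated rights like these could be resolved and checked, as an added example that is not express-reaccess's own code: placeholders are expanded from a list of values objects, substituted values are regex-escaped, the pattern is anchored, and an unresolved placeholder grants nothing. The function names, the `{ user: ... }` values shape and the sample data are assumptions made for this sketch.

```javascript
'use strict';

// Escape regex metacharacters so a substituted value only matches itself.
const escapeRegExp = (s) => String(s).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Follow a dotted path ("user.places.*.id") through one values object.
// "*" fans out over every element, so the result is always a list.
function resolve(root, path) {
  return path.split('.').reduce((nodes, key) => nodes.flatMap((node) => {
    if (node === null || typeof node !== 'object') return [];
    if (key === '*') return Object.values(node);
    return Object.prototype.hasOwnProperty.call(node, key) ? [node[key]] : [];
  }), [root]);
}

// Turn one right into an anchored RegExp. Returns null when a placeholder
// resolves to no usable value, so the right grants nothing (fail closed).
function compileRight(right, values) {
  let unresolved = false;
  const source = right.path.replace(/\/:([\w*]+(?:\.[\w*]+)*)/g, (_, path) => {
    const found = values.flatMap((v) => resolve(v, path))
      .filter((v) => (typeof v === 'string' || typeof v === 'number') && v !== '');
    if (found.length === 0) unresolved = true;
    return '/(?:' + found.map(escapeRegExp).join('|') + ')';
  });
  return unresolved ? null : new RegExp('^' + source + '$');
}

// A request is allowed when at least one right matches both method and URL.
function isAllowed(rights, values, method, url) {
  return rights.some((right) => {
    if (!right.methods.includes(method.toUpperCase())) return false;
    const re = compileRight(right, values);
    return re !== null && re.test(url);
  });
}

// Constructed sample data (hypothetical, not from the slides).
const sampleRights = [
  { path: '/users/:user.id/notifications\\?(.*)', methods: ['GET'] },
  { path: '/places/:user.places.*.id', methods: ['GET', 'PUT'] },
  { path: '/teams/:user.team.id', methods: ['GET'] }, // this user has no team
];
const sampleValues = [{ user: { id: 'u.1', places: [{ id: 'p1' }, { id: 'p2' }] } }];

console.log(isAllowed(sampleRights, sampleValues, 'PUT', '/places/p2')); // true
console.log(isAllowed(sampleRights, sampleValues, 'GET', '/users/uX1/notifications?a=1')); // false
```

The second call is denied only because the `.` in `u.1` is escaped before substitution; without escaping it would match any character in that position.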
Back End
Step 1: Augment req
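app.use(function(req, res, next) {
  // Load the current user's rights and the values used to fill templates
  getUserInfosFromTheDB().then(function(user) {
    req._rights = user.rights;
    // Property name must match valuesProps in the reaccess() options
    req._rightsTemplatesValues = [user];
    next();
  }).catch(next); // Forward lookup failures to the error handler
});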
Step 2: Add express-reaccess
var reaccess = require('express-reaccess');
app.use(reaccess({
  rightsProps: ['_rights'],
  valuesProps: ['_rightsTemplatesValues'],
  accessErrorMessage: 'UNAUTHORIZED'
}));
Step 3: Handle access failures
app.use(function(err, req, res, next) {
  if("UNAUTHORIZED" == err.message) {
    // Stop here: the response has been sent, so do not fall through to next(err)
    return res.status(401).send(req._user);
  }
  next(err);
});
Advantages
- simple
- granular
- API centric
- composable
Front End
Step 1: Configure
angular.module('myApp', [
  'simplifield.reaccess'
]).config(['$logProvider', 'sfReaccessServiceProvider',
  function($logProvider, sfReaccessServiceProvider) {
    // Debugging rights (if you wish)
    $logProvider.debugEnabled(true);
    sfReaccessServiceProvider.debug(true);
    // Setting templated rights
    sfReaccessServiceProvider.setPredefinedRights({
      'USER_ADD': {
        path: '/api/users',
        methods: ['POST']
      },
      'USER_EDIT': {
        path: '/api/users/:id',
        methods: ['PUT', 'PATCH']
      },
      'USER_DELETE': {
        path: '/api/users/:id',
        methods: ['DELETE']
      }
    });
}]);
Step 2: Load rights
// Retrieving current user information
$http.get('/profile').then(function(response) {
  // Saving rights
  sfReaccessService.setRights(response.data.rights);
  // Setting values to fill templated rights
  sfReaccessService.setValues([{
    _username: response.data.username
  }]);
});
Step 3: Use it!
In your templates:
<!-- Display button if user can add users -->
<a href="#/beers/create" class="btn btn-primary"
   ng-show="'USER_ADD' | sfReaccess">
  Add a user
</a>
In your code:
if(sfReaccessService.test('USER_ADD')) {
  // Yay, I can add users
}
Advantages
- end to end
- adaptable
- a/b testing friendly
Thanks!
@nfroidure on GitHub and Twitter
working at @SimpliField
Project repos:
express-reaccess, angular-reaccess