因为最近做的项目需要对一些资源做简单的权限管理。老项目用的是 node_acl。功能比较全,但是对于简单的 acl 也需要连数据库。于是就在想可不可以把 ACL 搞的简单一点。
对于简单的 ACL,表达的是 role 是否被 allow 对一个 resource 做某个操作。
这其实可以使用一个三维矩阵来:
行代表 role
列代表 resource
第三维代表权限。
于是做了这个小库: acl-matrix
下面复制了下 readme, 欢迎讨论
npm install acl-matrix
const AclMatrix = require('acl-matrix');
const roles = ['admin', 'member', 'guest'];
const resources = ['blog', 'comment'];
const allows = ['get', 'add', 'update', 'delete'];
// Each element in matrix stores the permissions of a role to a resource.
const matrix = [
// admin member guest
[[1, 1, 1, 1], [1, 0, 1, 1], [1, 0, 0, 0]], // blog
[[1, 1, 1, 1], [1, 1, 1, 1], [1, 1, 1, 0]], // comment
];
const acl = new AclMatrix(roles, resources, allows, matrix);
// 0
acl.isAllowed('member', 'blog', 'add');
// 1
acl.isAllowed('member', 'blog', 'get');
roles are the types of user trying to access resourcesallows describes the oprations user will need to domatrix describes the allows relation between roles and resources;0 and 1s, the length of array should equal to allows's. This array describes the permissions.For example: in the above sample code, matrix[0][2] ([1, 0, 0, 0]) means the guest role is able to 'get' the 'blog' resource, but not others.
matrix should eauql to resources length;matrix should eauql to role length;matrix should eauql to allows length;node_acl is good, but it acquires database to store the acls. And it is relatively hard to mantain and update acl using node_acl.
Benefits of using acl-matrix:
users and roles. You will need to store the role of the user youself using acl-matrixAdd more method for the class maybe?
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.