因为最近做的项目需要对一些资源做简单的权限管理。老项目用的是 node_acl。功能比较全,但是对于简单的 acl 也需要连数据库。于是就在想可不可以把 ACL 搞的简单一点。
对于简单的 ACL,表达的是 role
是否被 allow
对一个 resource
做某个操作。
这其实可以使用一个三维矩阵来:
行代表 role
列代表 resource
第三维代表权限。
于是做了这个小库: acl-matrix
下面复制了下 readme, 欢迎讨论
npm install acl-matrix
const AclMatrix = require('acl-matrix');
const roles = ['admin', 'member', 'guest'];
const resources = ['blog', 'comment'];
const allows = ['get', 'add', 'update', 'delete'];
// Each element in matrix stores the permissions of a role to a resource.
const matrix = [
// admin member guest
[[1, 1, 1, 1], [1, 0, 1, 1], [1, 0, 0, 0]], // blog
[[1, 1, 1, 1], [1, 1, 1, 1], [1, 1, 1, 0]], // comment
];
const acl = new AclMatrix(roles, resources, allows, matrix);
// 0
acl.isAllowed('member', 'blog', 'add');
// 1
acl.isAllowed('member', 'blog', 'get');
roles
are the types of user trying to access resources
allows
describes the oprations user will need to domatrix
describes the allows
relation between roles
and resources
;0
and 1
s, the length of array should equal to allows
's. This array describes the permissions.For example: in the above sample code, matrix[0][2]
([1, 0, 0, 0]
) means the guest
role is able to 'get'
the 'blog'
resource, but not others.
matrix
should eauql to resources
length;matrix
should eauql to role
length;matrix
should eauql to allows
length;node_acl is good, but it acquires database to store the acls. And it is relatively hard to mantain and update acl using node_acl
.
Benefits of using acl-matrix
:
users
and roles
. You will need to store the role of the user youself using acl-matrix
Add more method for the class maybe?
1
xx19941215 2018-02-06 21:00:52 +08:00
有意思 学的矩阵都忘了。。很难想到这 楼主是数学系转的计算机吗
|