Comments (4)
dohomi
commented on May 22, 2024
3
@onury I would have same interest as @mattmeye
My usecase would need the extension of passing in an object being validated. On a multi-tenant self-register system the users would be part of a scope - in my usecase clubs or teams. I haven't found a way to do this in accesscontrol yet. Or did I miss it somewhere in the docs?
I would look for:
- user is admin of
Team AinClub A - user is coach of
Team Bin Club A - user is admin of
Club A - user is admin of
Club B
from accesscontrol.
onury
commented on May 22, 2024
Thanks. Pls give me some details on what specific features (under env/subject/object.. control) your use case(s) require.
I'm trying to be careful with a few things that somewhat affect these kinds of design decisions;
- Embrace SRP. This library should do one thing and do that good.
- Avoid tight coupling with other systems such as OS, databases, other frameworks, etc.. (But these can be supported optionally)
- Friendly APIs, good semantics.
- Avoid unnecessary complexity.
Soon, I'll write a detailed overview on new or additional concepts/features I'm considering (to be implemented) which include partial environment control, date/time, rate controls, resource hierarchy, etc..
from accesscontrol.
rexfng
commented on May 22, 2024
@onury I would have same interest as @mattmeye
My usecase would need the extension of passing in an object being validated. On a multi-tenant self-register system the users would be part of a
scope- in my usecase clubs or teams. I haven't found a way to do this in accesscontrol yet. Or did I miss it somewhere in the docs?I would look for:
- user is admin of
Team AinClub A- user is coach of
Team Bin Club A- user is admin of
Club A- user is admin of
Club B
I have the same question. My case would be a user who is an admin within his own group, but should not have "admin privileges in others. I'm looking at a potential solution:
- adding a .where(),
ac.grant('group_leader').create('resource').where('resource', ['group_name=@self'])
const permission = ac.can('user').setScope({group_name: "group1"}).create('resource');
I find the createOwn and createAny (own vs any), a false dichotomy at times as there are cases for scope.
from accesscontrol.
rexfng
commented on May 22, 2024
turn out someone has already built that in a separate module https://www.npmjs.com/package/accesscontrol-plus,
I think we can closed this
from accesscontrol.
Related Issues (20)
- How to restrict access to certain part of the page HOT 1
- I would like to become a maintainer of this repo HOT 8
- grant permissions for every resources ? HOT 1
- please ignore - opened by mistake
- Filter array data
- support for deno
- Custom Possession HOT 1
- Cannot inherit non-existent role when using grants in object
- AccessControl() constructor does not support list of grant objects comes from Mongodb using mongoose
- Why we need to filter out the req.body in updateOwn
- Control system
- Multicontextual permissions HOT 1
- Make Action and Possession actual enums.
- Ignore undefined roles if one of them enough access HOT 3
- Filter creates anwanted fields HOT 4
- Allow `number` as valid type of role
- Distributed Grant File HOT 1
- Consider upgrading Notation to latest version 2.0 HOT 5
- Is this repo abandoned? HOT 3
- Rules support? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from accesscontrol.