Comments (3)

SylvainEstevez commented on September 26, 2024

Indeed the logical combination of all condition statements is AND @broom9. In order to achieve an OR, you can create multiple permissions with different conditions.

Example: a user can watch a PG13 movie if they are over 13 OR parental control is disabled:

{
  id: 'OfAge',
  action: 'watch',
  resource: 'movie',
  condition: {
    numberGreaterThanEquals: {
      simpleValue: { 'user.age': '13' }
    }
  }
}

{
  id: 'NoParentalControl',
  action: 'watch',
  resource: 'movie',
  condition: {
    bool: {
      simpleValue: { 'user.parentalControl': 'false' }
    }
  }
}

accessControl.can(user, 'watch', 'movie', { user });

If either one of the above conditions is true, then the user will be granted access. This is also how you would do such a thing in AWS IAM, I believe.


If your goal is to allow a set of values, i.e. a sort of IN statement on a single property, then you can use the forAnyValue modifier.

Example: a user can fetch a post if it's in state 'PUBLISHED' OR 'IN_REVIEW':

{
  id: 'GetPost',
  action: 'fetch',
  resource: 'post',
  condition: {
    stringEquals: {
      forAnyValue: { 'post.status': ['PUBLISHED', 'IN_REVIEW'] }
    }
  }
}

accessControl.can(user, 'fetch', 'post', { post });

If the post has a status of either 'PUBLISHED' OR 'IN_REVIEW' the user will be granted access.


As to providing a special syntax for OR / multiple conditions in a single statement, I haven't found a good way to do this (one that would stay close to the AWS syntax) but if you have a proposal with examples I'd be happy to look at it!

Hope this helps!

from access-control.

broom9 commented on September 26, 2024

Thanks for the detailed explanations @SylvainEstevez.

One thought is that when there are multiple conditions with an AND relationship, the syntax could be improved. For example, if a user can only buy a student pass if she is a student AND she is under 21:

{
  id: 'buyStudentPass',
  action: 'qualify',
  resource: 'student_pass',
  condition: {
    numberLessThanEquals: {
      simpleValue: { 'user.age': '21' }
    },
    bool: {
      simpleValue: { 'user.isStudent': 'true' }
    },
  }
}

Is the above the expected syntax? What if I want to have two rules with numberLessThanEquals in it?

It seems the rule syntax would be better as:

{
  id: 'buyStudentPass',
  action: 'qualify',
  resource: 'student_pass',
  conditions: [
    {
      numberLessThanEquals: {
        simpleValue: { 'user.age': '21' }
      }
    },
    {
      bool: {
        simpleValue: { 'user.isStudent': 'true' }
      }
    }
  ]
}

SylvainEstevez commented on September 26, 2024

@broom9 This is indeed the correct syntax. To have more than one numberLessThanEquals rule, simply add more properties in the object.

{
  id: 'buyStudentPass',
  action: 'qualify',
  resource: 'student_pass',
  condition: {
    numberLessThanEquals: {
      simpleValue: {
        'user.age': '21',
        'user.studentPassCount': 1 // ie, can only buy if not bought already
      }
    },
    bool: {
      simpleValue: { 'user.isStudent': 'true' }
    },
  }
}

from access-control.
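Added example, not part of the thread and not the access-control library's own code: a small stand-alone evaluator showing the semantics discussed above (every condition inside one permission is ANDed, separate permissions are ORed, and forAnyValue acts as an IN test). The `operators`, `lookup`, `conditionHolds` and `can` helpers and their signatures are hypothetical; failing closed on unknown operators, unknown modifiers and missing attributes is an assumption of this sketch, not documented library behaviour.

```javascript
// Illustrative operators: (actual, expected) -> boolean. Only those used in the thread.
const operators = {
  stringEquals: (a, e) => String(a) === String(e),
  numberGreaterThanEquals: (a, e) => Number(a) >= Number(e),
  numberLessThanEquals: (a, e) => Number(a) <= Number(e),
  bool: (a, e) => String(a) === String(e),
};

// Resolve 'user.age' against { user: { age: 15 } }; undefined if a segment is missing.
const lookup = (env, path) =>
  path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), env);

// A permission matches only if EVERY operator, modifier and attribute holds (AND).
function conditionHolds(condition = {}, env) {
  return Object.entries(condition).every(([op, modifiers]) => {
    const test = operators[op];
    if (!test) return false; // unknown operator: deny
    return Object.entries(modifiers).every(([modifier, attrs]) =>
      Object.entries(attrs).every(([path, expected]) => {
        const actual = lookup(env, path);
        if (actual === undefined) return false; // missing attribute: deny
        if (modifier === 'simpleValue') return test(actual, expected);
        if (modifier === 'forAnyValue')
          return Array.isArray(expected) && expected.some((e) => test(actual, e));
        return false; // unknown modifier: deny
      }));
  });
}

// Access is granted if ANY permission for the action/resource matches (OR).
function can(permissions, action, resource, env) {
  return permissions.some((p) =>
    p.action === action && p.resource === resource && conditionHolds(p.condition, env));
}

// Permissions copied from the comments above.
const permissions = [
  { id: 'OfAge', action: 'watch', resource: 'movie',
    condition: { numberGreaterThanEquals: { simpleValue: { 'user.age': '13' } } } },
  { id: 'NoParentalControl', action: 'watch', resource: 'movie',
    condition: { bool: { simpleValue: { 'user.parentalControl': 'false' } } } },
  { id: 'GetPost', action: 'fetch', resource: 'post',
    condition: { stringEquals: { forAnyValue: { 'post.status': ['PUBLISHED', 'IN_REVIEW'] } } } },
  { id: 'buyStudentPass', action: 'qualify', resource: 'student_pass',
    condition: {
      numberLessThanEquals: { simpleValue: { 'user.age': '21', 'user.studentPassCount': 1 } },
      bool: { simpleValue: { 'user.isStudent': 'true' } } } },
];
```

Because permissions are ORed, every additional permission for the same action and resource widens access, so a policy review should read all permissions for an action/resource pair together rather than one at a time.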
