Instantly share code, notes, and snippets.

Embed
What would you like to do?
Roles and permissions system for Nodejs

ACL / Roles + Permissions

https://github.com/djvirgen/virgen-acl Simple and elegant, create your own checks. No middleware?

https://github.com/OptimalBits/node_acl Use as middleware, create your own roles and access. Great choice.

https://github.com/tschaub/authorized Similar to connect roles... but a bit more robust? you can create roles and action, and associate many roles with that action

https://github.com/scottkf/ability-js Like canCan for rails. This is a traditional controller / function type permission system. May be too abstract.

https://github.com/dresende/node-roles More traditional setRole() hasRole() based checking. Last activity 2 years ago.

https://github.com/carlos8f/node-relations Natural language style roles. Looks very promising and is in active development

https://github.com/ForbesLindesay/connect-roles Simple and closer to action / natural language based. Requires writing your own checks for each.

https://github.com/ajlopez/SimplePermissions Maybe too simple? Makes sense for assigning roles but then its hard to check against roles!

https://npmjs.org/package/entitlement Not ideal but here for reference sake.

Mongoose Field Access Control

https://github.com/codedoctor/mongoose-plugins-accessible-by Set access per field of mongoose Schema. Not supported or maintained, and noted as not a perfect fit in all cases... but worth considering as a simple way to control access to fields.

@kharhys

This comment has been minimized.

Show comment
Hide comment
@kharhys

kharhys Sep 13, 2015

Hi, Great compilation.
You might want to correct a typo on the gist's name (roles_invesitgation.md)

kharhys commented Sep 13, 2015

Hi, Great compilation.
You might want to correct a typo on the gist's name (roles_invesitgation.md)

@Palmer11

This comment has been minimized.

Show comment
Hide comment
@Palmer11

Palmer11 Sep 23, 2015

Thanks for a compiled list of somethings out there.

Palmer11 commented Sep 23, 2015

Thanks for a compiled list of somethings out there.

@tenodi

This comment has been minimized.

Show comment
Hide comment
@tenodi

tenodi commented Sep 28, 2015

@emerak

This comment has been minimized.

Show comment
Hide comment
@emerak

emerak Feb 18, 2016

Awesome! 🤘

emerak commented Feb 18, 2016

Awesome! 🤘

@macroramesh6

This comment has been minimized.

Show comment
Hide comment
@macroramesh6

macroramesh6 Nov 24, 2016

Thanks for the collection!

macroramesh6 commented Nov 24, 2016

Thanks for the collection!

@mdsaleemj

This comment has been minimized.

Show comment
Hide comment
@mdsaleemj

mdsaleemj Nov 30, 2016

Thanks a lot !!!

mdsaleemj commented Nov 30, 2016

Thanks a lot !!!

@Underzzoo

This comment has been minimized.

Show comment
Hide comment
@Underzzoo

Underzzoo Feb 11, 2017

Thanks man, very usefull... \o

Underzzoo commented Feb 11, 2017

Thanks man, very usefull... \o

@chichivica

This comment has been minimized.

Show comment
Hide comment
@chichivica

chichivica Feb 16, 2017

current popularity rank (based on npmjs.com dowloads count)

  1. acl
  2. connect-roles
  3. authorized
  4. virgen-acl
  5. permission
  6. ability
  7. simplepermissions
  8. entitlement

chichivica commented Feb 16, 2017

current popularity rank (based on npmjs.com dowloads count)

  1. acl
  2. connect-roles
  3. authorized
  4. virgen-acl
  5. permission
  6. ability
  7. simplepermissions
  8. entitlement
@KieronWiltshire

This comment has been minimized.

Show comment
Hide comment
@onury

This comment has been minimized.

Show comment
Hide comment
@onury

onury May 10, 2017

Here is my approach https://github.com/onury/accesscontrol
Example:

var permission = ac.can(role).createOwn(resource);
if (permission.granted) {
    // do stuff...
} else {
    console.log('Forbidden');
}

onury commented May 10, 2017

Here is my approach https://github.com/onury/accesscontrol
Example:

var permission = ac.can(role).createOwn(resource);
if (permission.granted) {
    // do stuff...
} else {
    console.log('Forbidden');
}
@kabala

This comment has been minimized.

Show comment
Hide comment
@kabala

kabala Jul 25, 2017

Thx so much!

kabala commented Jul 25, 2017

Thx so much!

@AGhost-7

This comment has been minimized.

Show comment
Hide comment
@AGhost-7

AGhost-7 Dec 27, 2017

Shameless plug! : https://github.com/AGhost-7/o-is/tree/master/packages/access-mate

Above is an attribute-based access control library. It is designed to be as flexible as possible by using conditions instead of roles. One can implement RBAC or whatever they want using conditions. Module also supports field-level access control that isn't supported by most of the modules listed here.

AGhost-7 commented Dec 27, 2017

Shameless plug! : https://github.com/AGhost-7/o-is/tree/master/packages/access-mate

Above is an attribute-based access control library. It is designed to be as flexible as possible by using conditions instead of roles. One can implement RBAC or whatever they want using conditions. Module also supports field-level access control that isn't supported by most of the modules listed here.

@SylvainEstevez

This comment has been minimized.

Show comment
Hide comment
@SylvainEstevez

SylvainEstevez Feb 13, 2018

If you wish to enhance the list, we wrote this with my team: https://github.com/bluebirds-blue-jay/access-control

SylvainEstevez commented Feb 13, 2018

If you wish to enhance the list, we wrote this with my team: https://github.com/bluebirds-blue-jay/access-control

@mxmzb

This comment has been minimized.

Show comment
Hide comment
@mxmzb

mxmzb Apr 9, 2018

Here is the real cancan for node.js: https://github.com/vadimdemedes/cancan

mxmzb commented Apr 9, 2018

Here is the real cancan for node.js: https://github.com/vadimdemedes/cancan

@chinookng

This comment has been minimized.

Show comment
Hide comment
@chinookng

chinookng commented May 18, 2018

@pak11273

This comment has been minimized.

Show comment
Hide comment
@pak11273

pak11273 Aug 4, 2018

I'm surprised https://github.com/stalniy/casl isn't on the list

pak11273 commented Aug 4, 2018

I'm surprised https://github.com/stalniy/casl isn't on the list

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment