Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Roles and permissions system for Nodejs

ACL / Roles + Permissions

https://github.com/djvirgen/virgen-acl Simple and elegant, create your own checks. No middleware?

https://github.com/OptimalBits/node_acl Use as middleware, create your own roles and access. Great choice.

https://github.com/tschaub/authorized Similar to connect roles... but a bit more robust? you can create roles and action, and associate many roles with that action

https://github.com/scottkf/ability-js Like canCan for rails. This is a traditional controller / function type permission system. May be too abstract.

https://github.com/dresende/node-roles More traditional setRole() hasRole() based checking. Last activity 2 years ago.

https://github.com/carlos8f/node-relations Natural language style roles. Looks very promising and is in active development

https://github.com/ForbesLindesay/connect-roles Simple and closer to action / natural language based. Requires writing your own checks for each.

https://github.com/ajlopez/SimplePermissions Maybe too simple? Makes sense for assigning roles but then its hard to check against roles!

https://npmjs.org/package/entitlement Not ideal but here for reference sake.

Mongoose Field Access Control

https://github.com/codedoctor/mongoose-plugins-accessible-by Set access per field of mongoose Schema. Not supported or maintained, and noted as not a perfect fit in all cases... but worth considering as a simple way to control access to fields.

kharhys commented Sep 13, 2015

Hi, Great compilation.
You might want to correct a typo on the gist's name (roles_invesitgation.md)

Thanks for a compiled list of somethings out there.

emerak commented Feb 18, 2016

Awesome! 🤘

Thanks for the collection!

Thanks a lot !!!

Thanks man, very usefull... \o

chichivica commented Feb 16, 2017 edited

current popularity rank (based on npmjs.com dowloads count)

  1. acl
  2. connect-roles
  3. authorized
  4. virgen-acl
  5. permission
  6. ability
  7. simplepermissions
  8. entitlement

onury commented May 10, 2017

Here is my approach https://github.com/onury/accesscontrol
Example:

var permission = ac.can(role).createOwn(resource);
if (permission.granted) {
    // do stuff...
} else {
    console.log('Forbidden');
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment