@facultymatt
Last active April 16, 2024 09:31
Roles and permissions system for Nodejs

ACL / Roles + Permissions

https://github.com/djvirgen/virgen-acl Simple and elegant, create your own checks. No middleware?

https://github.com/OptimalBits/node_acl Use as middleware, create your own roles and access. Great choice.

https://github.com/tschaub/authorized Similar to connect-roles... but a bit more robust? You can create roles and actions, and associate many roles with an action.

https://github.com/scottkf/ability-js Like CanCan for Rails. This is a traditional controller / function type permission system. May be too abstract.

https://github.com/dresende/node-roles More traditional setRole() hasRole() based checking. Last activity 2 years ago.

https://github.com/carlos8f/node-relations Natural language style roles. Looks very promising and is in active development

https://github.com/ForbesLindesay/connect-roles Simple and closer to action / natural language based. Requires writing your own checks for each.

https://github.com/ajlopez/SimplePermissions Maybe too simple? Makes sense for assigning roles, but then it's hard to check against roles!

https://npmjs.org/package/entitlement Not ideal but here for reference sake.

Mongoose Field Access Control

https://github.com/codedoctor/mongoose-plugins-accessible-by Set access per field of a Mongoose schema. Not supported or maintained, and noted as not a perfect fit in all cases... but worth considering as a simple way to control access to fields.

@sedzd

sedzd commented Dec 11, 2018

I'm surprised https://github.com/stalniy/casl isn't on the list

exactly!

@PuzoLiang

awesome. thank you guys

@HighSoftWare96

Nobody talks about https://casbin.org/?

@ChaitanyaBabar

ChaitanyaBabar commented May 22, 2020

I'm surprised https://github.com/stalniy/casl isn't on the list

@facultymatt
Yes, along with casl I think accesscontrol should also be on the list.

List of top trends.
https://www.npmtrends.com/accesscontrol-vs-acl-vs-express-acl-vs-express-authorization-vs-node-authorization-vs-@casl/mongoose-vs-@casl/ability

@hackerunet

Does anybody know a way to have multi-organization role permissions? I need to create permissions dynamically depending on customers' organizations, which means I have system permissions, I have each company's permissions, and the name of the role and its permissions are not unique, which means company A could have a Role A and company B could have a Role A; then Role A of company A and Role A of company B have the same name but different actions associated. So the customers in Company A access their own permissions and Company B access their own permissions.

@hsluoyz

hsluoyz commented Sep 11, 2020

@hackerunet you can try Casbin's RBAC model with domains: https://casbin.org/docs/en/rbac-with-domains
