Roles and permissions system for Nodejs

roles_investigation.md

ACL / Roles + Permissions

Virgen-ACL (virgen-acl)

• https://github.com/djvirgen/virgen-acl
• "Simple in-memory ACL for node.js apps. Supports arbitrary roles and resources, including role/resource detection using a simple interface. Additionally supports custom assertions for more complex rules."
• Comments: "Simple and elegant, create your own checks. No middleware?"

Node ACL (acl)

• https://github.com/OptimalBits/node_acl
• "...a minimalistic ACL implementation inspired by Zend_ACL."
• Comments: "Use as middleware, create your own roles and access. Great choice."

Authorized! (authorized)

• https://github.com/tschaub/authorized
• "Action based authorization middleware"
• Comments: "Similar to connect roles... but a bit more robust? you can create roles and action, and associate many roles with that action"

Ability-js (ability)

• https://github.com/scottkf/ability-js
• "...route-based ACL component for express.js"
• Comments: "Like canCan for rails. This is a traditional controller / function type permission system. May be too abstract."

NodeJS Roles (roles)

• https://github.com/dresende/node-roles
• Comments: "More traditional setRole() hasRole() based checking. Last activity 2 years ago."

node-relations

• https://github.com/carlos8f/node-relations
• "Entity relationship, role, and permissions API"
• Comments: "Natural language style roles. Looks very promising and is in active development"

Connect Roles (connect-roles)

• https://github.com/ForbesLindesay/connect-roles
• "...authorisation provider...for Express and Connect"
• Comments: "Simple and closer to action / natural language based. Requires writing your own checks for each."

SimplePermissions (simplepermissions)

• https://github.com/ajlopez/SimplePermissions
• "Permissions by Subject, Role, and Context. It uses an in-memory model."
• Comments: "Maybe too simple? Makes sense for assigning roles but then its hard to check against roles!"

entitlement

• https://npmjs.org/package/entitlement
• Comment: "Not ideal but here for reference sake. (Last commit over 4 years ago.)"

CanCan (cancan)

• https://github.com/vdemedes/cancan

MustBe (mustbe)

• https://github.com/derickbailey/mustbe

passport-local-roles

• https://www.npmjs.com/package/passport-local-roles
• "Passport strategy for authenticating with a username, password and User Roles."

permission

• https://www.npmjs.com/package/permission
• "Express & Passport-compatible authorization middleware[,] provides customizable management of access control list (ACL)."

express-authorize

• https://www.npmjs.com/package/express-authorize
• "an express/connect middleware module for enforcing an Apache Shiro inspired authorization system"

accesscontrol

• https://www.npmjs.com/package/accesscontrol

CASL (casl)

• https://stalniy.github.io/casl/
• "isomorphic authorization"

Mongoose Field Access Control

mongoose-plugins-accessible-by

• https://github.com/codedoctor/mongoose-plugins-accessible-by
• "...adds an accessibleBy field to a mongoose schema to be able to determine access rights for models belonging to this schema."
• Comments: "Set access per field of mongoose Schema. Not supported or maintained, and noted as not a perfect fit in all cases... but worth considering as a simple way to control access to fields."

mongoose-rbac

• https://github.com/bryandragon/mongoose-rbac
• "Role-based access control for mongoose apps"

Angular

angular-permission

• https://www.npmjs.com/package/angular-permission
• "...route authorization via roles/permissions...for Angular applications"

Tutorials

AngularJS -- Quick Role-Based Authentication (by @artgon)

• http://arthur.gonigberg.com/2013/06/29/angularjs-role-based-auth/
• https://github.com/artgon/angularjs-role-based-auth