Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Canornot?
An authorisation and access control library based on JSON Schema.
Install
Using NPM
npm install canornot --saveUsing Yarn
yarn add canornotUsage
Example ABAC module based on Canornot
const Canornot = require('canornot');
const datastore = require('some-kind-of-datastore');
// A policy that allows getting your own user details, and editing companies
// in your list of company ids
const policySchema = {
properties: {
'user:get': {
$ref: 'actor#/properties/user_id'
},
'company:edit': {
$ref: 'actor#/properties/company_ids'
}
}
};
function getActorSchema(user_id) {
return datastore.fetchUserById(user_id)
.then(user => {
return {
id: 'actor',
description: 'Actor Properties',
type: 'object',
additionalProperties: false,
properties: {
user_id: {
type: 'number',
enum: [user.id]
},
company_ids: {
type: 'number',
enum: user.company_ids
}
}
};
});
}
}
module.exports = options => {
return new Canornot({
actorSchema: getActorSchema(options.user_id),
policySchema: policySchema
});
};Example use of the above ABAC module
//This is our ABAC module based on Canornot
const abac = require('./abac.js');
// Create a check method using the provided details (user_id)
const permission = abac({user_id: 12344});
// Permission is allowed here
permission.can('user:get', 12344)
.then(() => console.log('Permission allowed!'))
.catch(() => console.log('Permission denied!'));
// Permission is denied here!
permission.can('user:get', 99999)
.then(() => console.log('Permission allowed!'))
.catch(() => console.log('Permission denied!'));Support
Via GitHub issue tracker
License
MIT (See LICENCE file)