A Deno module that provides a functional interface for defining action-, object-, and field-level authorisation rules.
No dependencies, 100% test coverage.
// Supply-chain note: this URL pins the tag 0.1.0, and a Git tag can be moved
// after publication. For authorisation code, check the fetched module against
// a lock file (deno.lock) or pin the URL to a full commit hash instead.
import {
and,
create,
} from "https://raw.githubusercontent.com/joelshepherd/authz/0.1.0/mod.ts";
// Build the authoriser from rules grouped by level: the action-level rules here
// receive only the context, the object-level rule also receives the object.
// NOTE(review): the result for an action that has no rule at any level is not
// shown on this page; confirm it is a denial before relying on it.
const authoriser = create({
action: {
// Every caller may read.
read: () => true,
// Only a context whose role is "writer" may write.
write: (context) => context.role === "writer",
},
object: {
// No object-level read rule: read falls back to action-level, which above
// allows every caller to read every object.
// and() combines the two rules below; presumably both must pass.
write: and(
// The caller holds the "writer" role ...
(context) => context.role === "writer",
// ... and is the user recorded on the post (ownership check).
(context, post) => context.user === post.user
),
},
});
// `context` and `object` are not defined in this snippet; the caller supplies them.
// NOTE(review): the rules trust context.role and context.user, so build the
// context from the authenticated session on the server, not from request fields.

// Action-level question: no object is passed, so the ownership rule on
// object.write has no post to compare against. Do not use this form to guard
// a write to a specific object.
if (authoriser(context, "write")) {
// user can perform write
}
// Object-level question: with the rules defined by create() this requires the
// "writer" role and context.user === object.user.
if (authoriser(context, "write", object)) {
// user can perform write on this object
}
// Field-level question for the "name" field.
// NOTE(review): the create() call on this page defines no field-level rules;
// presumably this falls back to the object-level rule -- confirm.
if (authoriser(context, "write", object, "name")) {
// user can perform write on this object's name field
}
// Rule combinators. `rules` and `rule` stand for rule functions defined by the caller.
// NOTE(review): the import shown on this page lists only `and` and `create`;
// `or` and `not` presumably come from the same module -- confirm and import them.

// Presumably passes only when every rule passes.
const allRules = and(...rules);
// Presumably passes when at least one rule passes.
const anyRule = or(...rules);
// Presumably inverts the result of `rule`.
// NOTE(review): if `rule` can return false because data is missing, the negated
// rule would allow in that case; check how `rule` fails before negating it.
const notRule = not(rule);
// Fix the context once so later calls pass only the action (and, presumably,
// the optional object and field).
// NOTE(review): `bind` is not in the import shown on this page; presumably it is
// exported by the same module -- confirm.
// NOTE(review): the bound authoriser carries one caller's context. Create it per
// request or session and do not cache or share it across users.
const boundAuthoriser = bind(context, authoriser);
boundAuthoriser("read"); // no need to specify the context anymore