{"_id":"nod","_rev":"11-32fe6c625bf5fb241fee368975f71c20","name":"nod","description":"A simple, persistence-agnostic authorization system for node.js","dist-tags":{"latest":"0.2.0"},"versions":{"0.0.1":{"name":"nod","version":"0.0.1","description":"A simple, persistence-agnostic authorization system for node.js","main":"index.js","scripts":{"test":"mocha test -r should -R spec"},"repository":{"type":"git","url":"git@github.com:pvencill/nod.git"},"keywords":["node","authorization","access","control"],"author":{"name":"Paul Vencill"},"license":"BSD","devDependencies":{"mocha":"~1.7.4","should":"~1.2.1"},"dependencies":{"underscore":"~1.4.3"},"readme":"Boilerplate\n=====\n\nFast, generic, simple access control system for node.js.\n\n## Installation\n\n\t$ npm install nod\n\n## Quick start\n\nnod is used by consuming applications to manage a map of permissions that let you later check or enforce that certain subjects have permissions on specific objects.\nIt does not try and enforce a particular storage paradigm on your application, nor does it presume anything about the hierarchy of your stuff.  You simply grant, revoke, check, or enforce as appropriate.\n\n#grant#\n_grant(<subjectId>, <resourceId>, <permission>)_\n```js\nvar nod = require('nod');\n\n// assuming some object named article\nnod.grant('peter', article.id, 'read');\n```\n\nAt this point, nod's permissions map will record that the subject identified as 'peter' will have the permission to 'read' the article.\nNote that all the parameters are pretty arbitrary; nod attaches no semantic meaning to your permission names, nor does it assume any kind of inheritance in this release.\nYou can, however, check peter's rights as follows:\n\n```javascript\nnod.check('peter', article.id, 'read'); // returns true\nnod.check('peter', article.id, 'write'); // returns false\nnod.enforce('peter', article.id', write'); // throws an AccessDeniedError\n```\n\nIf you later change your mind, you can always `revoke` permissions as well\n\n```javascript\nnod.revoke('peter', article.id, 'read');\n```\n\nYou can also view a copy of the permissions map through `getPermissions`\n\n```javascript\nnod.grant('peter', '102029192', 'read');\nnod.getPermissions();\n// returns { '102029192' : { permissions : { read : ['peter'] }}}\n```\n\nAnd finally, you can set permissions as well\n\n```javascript\nnod.setPermissions({'102029192' : { permissions : {read : ['peter','stewie']}}});\nnod.check('stewie', '102029192', 'read'); // returns true\n```","readmeFilename":"README.md","_id":"nod@0.0.1","dist":{"shasum":"85a1825a7f0a713d8bd59b59b42b9c51f0d41e1f","tarball":"https://registry.npmjs.org/nod/-/nod-0.0.1.tgz","integrity":"sha512-NAuPsdK45m220Lceuf8KRdOvsSbje+SvcnrcAZIrnIJ+euVnbVxMAa5Co6naaeYV2oM5qvJMsk10aLKPDpUIlw==","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEMCH08vJ9GQJV/GGoSEXb9uPu4UO+Z+uWU+iX1xTVEFmTICIEG1VFfuyoDjkxoCEGY0d14SXwjFq1nuSMGEatYBkf8e"}]},"_npmVersion":"1.1.65","_npmUser":{"name":"pvencill","email":"paul.vencill@gmail.com"},"maintainers":[{"name":"pvencill","email":"paul.vencill@gmail.com"}]},"0.0.2":{"name":"nod","version":"0.0.2","description":"A simple, persistence-agnostic authorization system for node.js","main":"index.js","scripts":{"test":"mocha test -r should -R spec"},"repository":{"type":"git","url":"git@github.com:pvencill/nod.git"},"keywords":["node","authorization","access","control"],"author":{"name":"Paul Vencill"},"license":"BSD","devDependencies":{"mocha":"~1.7.4","should":"~1.2.1"},"dependencies":{"underscore":"~1.4.3"},"readme":"Boilerplate\n=====\n\nFast, generic, simple access control system for node.js.\n\n## Installation\n\n\t$ npm install nod\n\n## Quick start\n\nnod is used by consuming applications to manage a map of permissions that let you later check or enforce that certain subjects have permissions on specific objects.\nIt does not try and enforce a particular storage paradigm on your application, nor does it presume anything about the hierarchy of your stuff.  You simply grant, revoke, check, or enforce as appropriate.\n\n#grant#\n_grant(<subjectId>, <resourceId>, <permission>)_\n```js\nvar nod = require('nod');\n\n// assuming some object named article\nnod.grant('peter', article.id, 'read');\n```\n\nAt this point, nod's permissions map will record that the subject identified as 'peter' will have the permission to 'read' the article.\nNote that all the parameters are pretty arbitrary; nod attaches no semantic meaning to your permission names, nor does it assume any kind of inheritance in this release.\nYou can, however, check peter's rights as follows:\n\n```javascript\nnod.check('peter', article.id, 'read'); // returns true\nnod.check('peter', article.id, 'write'); // returns false\nnod.enforce('peter', article.id', write'); // throws an AccessDeniedError\n```\n\nIf you later change your mind, you can always `revoke` permissions as well\n\n```javascript\nnod.revoke('peter', article.id, 'read');\n```\n\nYou can also view a copy of the permissions map through `getPermissions`\n\n```javascript\nnod.grant('peter', '102029192', 'read');\nnod.getPermissions();\n// returns { '102029192' : { read : ['peter'] }}\n```\n\nAnd finally, you can set permissions as well\n\n```javascript\nnod.setPermissions({'102029192' : {read : ['peter','stewie']}});\nnod.check('stewie', '102029192', 'read'); // returns true\n```","readmeFilename":"README.md","_id":"nod@0.0.2","dist":{"shasum":"488ad2c472617495894982487b96749f048a0cb8","tarball":"https://registry.npmjs.org/nod/-/nod-0.0.2.tgz","integrity":"sha512-DglusePsCpux5Wd98dvzP7Gtula1hyOBdp/+hLVLcjd2JmnDChJsRZ9TrUy2nv4zxWT+yuqd8rItlQ9gz1/qUA==","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEQCICIGioQOXFAFau7KD6XrKod+BhdHEfsBOOqUzfGsHAwEAiAmcw7YardUJxox5eOnWskpf0UUj81rRP03Q78Wg7xgAA=="}]},"_npmVersion":"1.1.65","_npmUser":{"name":"pvencill","email":"paul.vencill@gmail.com"},"maintainers":[{"name":"pvencill","email":"paul.vencill@gmail.com"}]},"0.1.1":{"name":"nod","version":"0.1.1","description":"A simple, persistence-agnostic authorization system for node.js","main":"index.js","scripts":{"test":"mocha test -r should -R spec"},"repository":{"type":"git","url":"git@github.com:pvencill/nod.git"},"keywords":["node","authorization","access","control"],"author":{"name":"Paul Vencill"},"license":"BSD","devDependencies":{"mocha":"~1.7.4","should":"~1.2.1"},"dependencies":{"underscore":"~1.4.3"},"readme":"Nod\n=====\n\nFast, generic, simple access control system for node.js.\n\n## Installation\n\n\t$ npm install nod\n\n## Introduction\n\nnod is used by consuming applications to manage a map of permissions that let you later check or enforce that certain subjects have permissions on specific objects.\n\n### grant\n_ grant(subject, resource, permission) _\n\nArguments can be strings, numbers, or arrays.  Strings or numbers will be treated as individual keys where arrays will be treated as a collection of keys to objects.\nA wildcard string can be used as well to indicate 'all' in any position, but use this sparingly (see revoke).\n\nNote that all the parameters are pretty arbitrary; nod attaches no semantic meaning to your permission names, nor does it assume any kind of inheritance in this release.\nHowever, resources and permissions will be used as property keys in a javascript object (see getPermissions below), so they must be valid for use as object keys.\n\n```javascript\n// assuming some object named article\nnod.grant('peter', article.id, 'read');   // peter can read the article with article.id\nnod.grant(['admins','users'], 'article', 'read'); // admins and users can read an article\nnod.grant('admins', 'users', '*'); // admins have all rights to affect users\n```\n\n### check or enforce\n_ check(subject, resource, permission) _\n\n`check` returns true if a subject has a permission on a given resource, and false if it does not.  You can also provide an array of subjects, in which case `check` returns true if *any* of the\nsubjects have that permission on the resource.  This is mostly to allow easy checking of a user's roles against a resource.\n\n`enforce` by contrast calls `check` and then throws an AccessDeniedError if the `check` returns false.\n\nYou can, check peter's rights as follows:\n\n```javascript\nvar peter = {_id : 'peter', roles : ['user', 'contributor']};\nnod.check(peter._id, article.id, 'read'); // returns true\nnod.check(peter._id, article.id, 'write'); // returns false\nnod.enforce(peter._id, article.id', write'); // throws an AccessDeniedError\nnod.check(peter.roles, article.id, 'read');\n```\n\n### revoke\n_ revoke(subject, resource, permission) _\n\nIf you later change your mind, you can always `revoke` permissions as well. As with `grant`, you can pass arrays instead of numbers or strings to revoke lists of things\n\n```javascript\nnod.revoke('peter', article.id, 'read');\nnod.revoke('peter',article.id, ['read','write']);\nnod.revoke(['peter','stewie'], article.id, 'read');\n```\n\nNote that wildcards must be revoked as a wildcard.  You cannot successfully grant with a wildcard and then revoke for something more specific:\n\n```javascript\nnod.grant('*', 'articles', 'write');\nnod.revoke('peter', 'articles', write');\nnod.check('peter','articles','write'); // returns true since the wildcard is still in place\n\n// you must remove the wildcard:\nnod.revoke('*','articles','write');\n```\n\n\n### getPermissions\n\nYou can also view a copy of the permissions map through `getPermissions`\n\n```javascript\nnod.grant('peter', '102029192', 'read');\nnod.getPermissions();\n// returns { '102029192' : { read : ['peter'] }}\n```\n\n### setPermissions\n\nAnd finally, you can set permissions as well\n\n```javascript\nnod.setPermissions({'102029192' : {read : ['peter','stewie']}});\nnod.check('stewie', '102029192', 'read'); // returns true\n```\n\n### Configuration\n\nAt the moment, the only option that does anything is setting the wildcard character (by default, '*').  You do this by calling nod as a function.\n\n```javascript\nvar nod = require('nod');\nnod({ wildcard : '$'});\n```\n","readmeFilename":"README.md","_id":"nod@0.1.1","dist":{"shasum":"d69f3962b1122102e246212a1de549c8036071a8","tarball":"https://registry.npmjs.org/nod/-/nod-0.1.1.tgz","integrity":"sha512-SE7CnWOMmdIpTV5nAyjXeO1QOcGxAeUBHsJmuY1UEXGuBxHf476eGG4PFSwfncR9LjVclYSwjtqSI92uihh+7g==","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEUCIBIdW5PWfSa7oSyuNXD27YL/alu8855PaMxurY+yYAmXAiEArWqsKfPE21YRqos4feim0uST+WpjQPniVZb/PfetZ8o="}]},"_npmVersion":"1.1.65","_npmUser":{"name":"pvencill","email":"paul.vencill@gmail.com"},"maintainers":[{"name":"pvencill","email":"paul.vencill@gmail.com"}]},"0.2.0":{"name":"nod","version":"0.2.0","description":"A simple, persistence-agnostic authorization system for node.js","main":"index.js","scripts":{"test":"mocha test -r should -R spec"},"repository":{"type":"git","url":"git@github.com:pvencill/nod.git"},"keywords":["node","authorization","access","control"],"author":{"name":"Paul Vencill"},"license":"BSD","devDependencies":{"mocha":"~1.7.4","should":"~1.2.1"},"dependencies":{"underscore":"~1.4.3"},"readme":"Nod\n=====\n\nFast, generic, simple access control system for node.js.\n\n## Installation\n\n\t$ npm install nod\n\n## Introduction\n\nnod is used by consuming applications to manage a map of permissions that let you later check or enforce that certain subjects have permissions on specific objects.\n\n### grant\n_grant(subject, resource, permission, [condition])_\n\nSubjects, resources, and permissions can be strings, numbers, objects or arrays.  Strings or numbers will be treated as individual keys where arrays will be treated as a collection of keys to objects.\nIf an object is used, then it must have an id field defined (_id by default, but this can be set through configuration).\nA wildcard string can be used as well to indicate 'all' in any position, but use this sparingly (see revoke).\n\nNote that all the mandatory parameters are pretty arbitrary; nod attaches no semantic meaning to your permission names, nor does it assume any kind of inheritance in this release.\nHowever, resources and permissions will be used as property keys in a javascript object (see getPermissions below), so they must be valid for use as object keys.\n\nThe one optional parameter, condition, is a function that will be called instead of the normal 'check' call when evaluating if a given subject has the specified rights.\nIt has the same signature as check (subject, resource, permission) and should explicitly return true or false to indicate whether access should be granted or not.  Note,\nhowever that it still has to find the condition based on the first three params, so it may be useful to place it with wildcards (see example)\n\n```javascript\n// assuming some object named article\nnod.grant('peter', article.id, 'read');   // peter can read the article with article.id\nnod.grant(['admins','users'], 'article', 'read'); // admins and users can read an article\nnod.grant('admins', 'users', '*'); // admins have all rights to affect users\nnod.grant('*', '*', 'read', function(s,r,p){ return /posts\\/\\d+/.test(r); }); // grants read rights to all users for all resources that pass the regex test\n```\n\n### check or enforce\n_check(subject, resource, permission)_\n_enforce(subject, resource, permission)_\n\n`check` returns true if a subject has a permission on a given resource, and false if it does not.  You can also provide an array of subjects, in which case `check` returns true if *any* of the\nsubjects have that permission on the resource.  This is mostly to allow easy checking of a user's roles against a resource.\n\n`enforce` by contrast calls `check` and then throws an AccessDeniedError if the `check` returns false.\n\nYou can, check peter's rights as follows:\n\n```javascript\nvar peter = {_id : 'peter', roles : ['user', 'contributor']};\nnod.check(peter._id, article.id, 'read'); // returns true\nnod.check(peter._id, article.id, 'write'); // returns false\nnod.enforce(peter._id, article.id', write'); // throws an AccessDeniedError\nnod.check(peter.roles, article.id, 'read');\n```\n\n### revoke\n_revoke(subject, resource, permission)_\n\nIf you later change your mind, you can always `revoke` permissions as well. As with `grant`, you can pass arrays instead of numbers or strings to revoke lists of things\n\n```javascript\nnod.revoke('peter', article.id, 'read');\nnod.revoke('peter',article.id, ['read','write']);\nnod.revoke(['peter','stewie'], article.id, 'read');\n```\n\nNote that wildcards must be revoked as a wildcard.  You cannot successfully grant with a wildcard and then revoke for something more specific:\n\n```javascript\nnod.grant('*', 'articles', 'write');\nnod.revoke('peter', 'articles', write');\nnod.check('peter','articles','write'); // returns true since the wildcard is still in place\n\n// you must remove the wildcard:\nnod.revoke('*','articles','write');\n```\n\n\n### getPermissions\n_getPermissions()_\n\nYou can also view a copy of the permissions map through `getPermissions`\n\n```javascript\nnod.grant('peter', '102029192', 'read');\nnod.getPermissions();\n// returns { '102029192' : { read : {peter : true }}}\n```\n\n### setPermissions\n_setPermissions(obj)_\n\nAnd finally, you can set permissions as well\n\n```javascript\nnod.setPermissions({'102029192' : {read : {peter : true, stewie : true }}});\nnod.check('stewie', '102029192', 'read'); // returns true\n```\n\nNote that setting permissions this way should be done with caution as it just does a bulk overwrite of the current hash.\n\n### Configuration\n\nAt the moment, the only option that does anything is setting the wildcard character (by default, '*').  You do this by calling nod as a function.\n\n```javascript\nvar nod = require('nod');\nnod({ wildcard : '$'});\n```\n","_id":"nod@0.2.0","dist":{"shasum":"aeadadd4e17195bf78a23ce3153b282125b0d6a8","tarball":"https://registry.npmjs.org/nod/-/nod-0.2.0.tgz","integrity":"sha512-FfpAvMud1eHTPE6t1iRthpPNO05HVm5u5OT3/CXcMiEeyVX7EhV6KTG7S6fAzq9SgdBvcBpM+7kZyYM3WyN6Cg==","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEYCIQClY0gd2sLSjj2+z+/W3fVwxbTxB3v0PUENMn0TBVlSRwIhALt1LSbWEPMF/feh5BENjamxZa3ccLAZeZiRHDpEUGj4"}]},"_npmVersion":"1.1.62","_npmUser":{"name":"pvencill","email":"paul@cyberstride.net"},"maintainers":[{"name":"pvencill","email":"paul.vencill@gmail.com"}]}},"readme":"Boilerplate\n=====\n\nFast, generic, simple access control system for node.js.\n\n## Installation\n\n\t$ npm install nod\n\n## Quick start\n\nnod is used by consuming applications to manage a map of permissions that let you later check or enforce that certain subjects have permissions on specific objects.\nIt does not try and enforce a particular storage paradigm on your application, nor does it presume anything about the hierarchy of your stuff.  You simply grant, revoke, check, or enforce as appropriate.\n\n#grant#\n_grant(<subjectId>, <resourceId>, <permission>)_\n```js\nvar nod = require('nod');\n\n// assuming some object named article\nnod.grant('peter', article.id, 'read');\n```\n\nAt this point, nod's permissions map will record that the subject identified as 'peter' will have the permission to 'read' the article.\nNote that all the parameters are pretty arbitrary; nod attaches no semantic meaning to your permission names, nor does it assume any kind of inheritance in this release.\nYou can, however, check peter's rights as follows:\n\n```javascript\nnod.check('peter', article.id, 'read'); // returns true\nnod.check('peter', article.id, 'write'); // returns false\nnod.enforce('peter', article.id', write'); // throws an AccessDeniedError\n```\n\nIf you later change your mind, you can always `revoke` permissions as well\n\n```javascript\nnod.revoke('peter', article.id, 'read');\n```\n\nYou can also view a copy of the permissions map through `getPermissions`\n\n```javascript\nnod.grant('peter', '102029192', 'read');\nnod.getPermissions();\n// returns { '102029192' : { permissions : { read : ['peter'] }}}\n```\n\nAnd finally, you can set permissions as well\n\n```javascript\nnod.setPermissions({'102029192' : { permissions : {read : ['peter','stewie']}}});\nnod.check('stewie', '102029192', 'read'); // returns true\n```","maintainers":[{"name":"pvencill","email":"paul.vencill@gmail.com"}],"time":{"modified":"2022-06-21T11:28:10.332Z","created":"2013-01-06T21:16:41.763Z","0.0.1":"2013-01-06T21:16:47.178Z","0.0.2":"2013-01-07T01:01:09.254Z","0.1.1":"2013-01-07T22:02:22.172Z","0.2.0":"2013-01-09T18:43:21.464Z"},"author":{"name":"Paul Vencill"},"repository":{"type":"git","url":"git@github.com:pvencill/nod.git"}}