Skip to content
/ Privileged Public

Privileged is an isomorphic authorization library for restricting resources by action, subjct and fields

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

loresoft/Privileged

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits

.github

.github

 
 

src

src

 
 

test

test

 
 

.editorconfig

.editorconfig

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

Privileged.sln

Privileged.sln

 
 

README.md

README.md

 
 

coverlet.runsettings

coverlet.runsettings

 
 

logo.png

logo.png

 
 

Repository files navigation

Privileged

Privileged is an isomorphic authorization library for restricting resources by action, subjct and fields. It's designed to be incrementally adoptable and can easily scale between a simple claim based and fully featured subject and action based authorization. It makes it easy to manage and share permissions across UI components, API services, and database queries.

Inspired by CASL

Build Project

Coverage Status

Privileged

Features

  • Versatile An incrementally adoptable and can easily scale between a simple claim based and fully featured subject and attribute based authorization.
  • Isomorphic Can be used on frontend and backend and complementary packages make integration with Frontend and Backend effortless
  • Declarative Thanks to declarative rules, you can serialize and share permissions between UI and API or microservices

General

Privileged operates on rules for what a user can actually do in the application. A rule itself depends on the 3 parameters:

  1. Action Describes what user can actually do in the app. User action is a word (usually a verb) which depends on the business logic (e.g., update, read). Very often it will be a list of words from CRUD - create, read, update and delete.
  2. Subject The subject which you want to check user action on. Usually this is a business (or domain) entity name (e.g., Subscription, Post, User).
  3. Fields Can be used to restrict user action only to matched subject's fields (e.g., to allow moderator to update published field of Post but not update description or title)

Examples

Using builder to create rules

var context = new PrivilegeBuilder()
    .Allow("test", PrivilegeSubjects.All)
    .Allow(PrivilegeActions.All, "Post")
    .Forbid("publish", "Post")
    .Build();

context.Allowed("read", "Post").Should().BeTrue();
context.Allowed("update", "Post").Should().BeTrue();
context.Allowed("archive", "Post").Should().BeTrue();
context.Allowed("read", "User").Should().BeFalse();
context.Allowed("delete", "Post").Should().BeTrue();
context.Allowed("publish", "Post").Should().BeFalse();
context.Allowed("test", "User").Should().BeTrue();
context.Allowed("test", "Post").Should().BeTrue();

Using fields

var context = new PrivilegeBuilder()
    .Allow("read", "Post", ["title", "id"])
    .Allow("read", "User")
    .Build();

context.Allowed("read", "Post").Should().BeTrue();
context.Allowed("read", "Post", "id").Should().BeTrue();
context.Allowed("read", "Post", "title").Should().BeTrue();
context.Allowed("read", "Post", "ssn").Should().BeFalse();

context.Allowed("read", "User").Should().BeTrue();
context.Allowed("read", "User", "id").Should().BeTrue();

About

Privileged is an isomorphic authorization library for restricting resources by action, subjct and fields

Topics

permissions authorization blazor

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

v1.0.0 Latest
Jan 10, 2024
+ 2 releases

Packages 2

 
 

Contributors 2

  •  
  •  

Languages