@adonis-agora/authz
v0.5.0
Published
Bouncer-integrated, DB-backed RBAC for AdonisJS — roles, permissions, wildcard matching and multi-tenancy on top of @adonisjs/bouncer, with pluggable stores (Lucid / in-memory). Part of the Agora ecosystem.
Downloads
940
Maintainers
Readme
@adonis-agora/authz
Bouncer-integrated, DB-backed RBAC for AdonisJS — roles, permissions, wildcard matching and multi-tenancy on top of
@adonisjs/bouncer, with pluggable stores. Part of the Agora ecosystem.
It does not replace Bouncer — it registers a small set of static Bouncer
abilities (can, hasRole) whose body consults a database-backed permission
store. You keep using ctx.bouncer.allows(...) and @can(...) exactly as you
do today.
Install
npm i @adonis-agora/authz
node ace configure @adonis-agora/authz
node ace migration:run # if you use the Lucid storeUse
// app/abilities/authz.ts was published for you:
import { can, hasRole } from '#abilities/authz'
// In a controller / route:
await ctx.bouncer.allows('can', 'posts.edit', post) // wildcard: posts.* ⊇ posts.edit
await ctx.bouncer.authorize('hasRole', 'admin')@can('can', 'posts.edit')
<a href="/posts/{{ post.id }}/edit">Edit</a>
@endGrant from the CLI or programmatically:
node ace authz:grant editor posts.edit
node ace authz:assign editor 42See the docs for concepts (wildcards, tenancy), config drivers, the Lucid mixin, ace commands and testing.
License
MIT
