@pmcollab/coworkstream-rbac
v0.1.0
Published
Role-based access control + tenant isolation for @pmcollab/coworkstream. Filters items and actions by role and tenant.
Readme
@pmcollab/coworkstream-rbac
Role-based access control + tenant isolation for @pmcollab/coworkstream.
Install
npm install @pmcollab/coworkstream-rbacUse
import { createPolicy, wrapStoreWithPolicy } from '@pmcollab/coworkstream-rbac'
const policy = createPolicy({
roles: {
ic: { categories: ['decision', 'signal', 'draft'], actions: ['approve', 'defer', 'ignore'] },
manager: { categories: '*', actions: '*' },
admin: { categories: '*', actions: '*' },
},
defaultRole: 'ic',
})
// Boundary checks
policy.canSeeItem(user, item)
policy.canApplyAction(user, item, 'approve')
policy.filterItems(user, items)
// Or wrap your store and let it enforce automatically:
const store = wrapStoreWithPolicy(myStore, policy)Tenant isolation
By default, meta.tenantId (or tenantId on the item) is compared to user.tenantId. Items with mismatched tenants are invisible. Pass tenantField to use a different key.
License
Commercial. See LICENSE in the repository root.
