npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

shiro-trie

v0.4.10

Published

Check permissions using Shiro-like strings, put in a trie.

Downloads

14,112

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

scherzingerscherzingerdeyhledeyhleehlerskonehlerskon

Keywords

shiro-trieshirotrieauthorizationpermissions

Readme

NPM version Build Status Coverage Dependency StatusGreenkeeper badge

Check permissions using Shiro-like strings, put in a trie.

Module for handling permissions in an Apache Shiro-like style. Permissions are stored in a Trie which makes it super performant and able to make additional queries apart from a simple permission check: it is also possible to return a list of sub-rights. For example, if you have permissions to access resources with id 1 and 2, you can simply ask which ids are accessable using a customized Shiro syntax.

Install

node.js

$ npm install --save shiro-trie

web / frontend

$ bower install --save shiro-trie

Getting Started

node.js

var shiroTrie = require('shiro-trie');

web / frontend

Using the shiro-trie plugin in your web-app is pretty simple, too. First, you should include the script file to your HTML-file:

<script type="text/javascript" src="bower_components/shiro-trie/dist/shiro-trie.js" />

Usage

var shiroTrie = require('shiro-trie');

var account1 = shiroTrie.newTrie();

account1.add([
  'printer:xpc5000:print',
  'printer:xpc4000:*',
  'nas:timeCapsule,fritzbox:read'
]);

account1.check('printer:xpc4000:configure'); // true
account1.check('nas:timeCapsule:write'); // false

account1.permissions('printer:?'); // ['xpc5000', 'xpc4000']
account1.permissions('nas:$:?'); // ['read']

Defining permissions

See Understanding Permissions in Apache Shiro for a short introduction to Shiro Syntax. Basically, you can describe a permission hierarchy using : as separator. Example:

printer:xpc5000:print

You may define multiple alternatives for a level using , as separator. For example:

nas:timeCapsule,fritzbox:read is the same as nas:timeCapsule:read plus nas:fritzbox:read.

You may also use the wildcard character * to grant all permissions:

printer:*:print grants printing on any printer.

At the end, a wildcard may be omitted. Example:

printer:xpc5000 is the same as printer:xpc5000:*.

The function for adding one or multiple permissions is .add(…). You may set one string, a list of strings or array(s) of strings. It returns the same ShiroTrie instance for chainability.

Note that ? is no special character for single-character-wildcard, as opposed to some other Shiro libraries.

Checking permissions

You should always check for explicit permissions (no wildcard * or alternative , characters). For example:

printer:xpc4000:print

or

nas:timeCapsule:write

The function for checking a permission is .check(string). It returns true or false.

Getting available permissions

This is an extension to the original Apache Shiro syntax and functionality that is enabled by using a Trie instead of regular expressions for permission checking.

Given the example above, you may want to show a list of printers the user has access to (=any sub-permission). In traditional Shiro, you will have to take the whole list and whitelist each single object using a separate permission-check call to find out if there are permissions or not.

This module has a special method with a slightly different syntax to achieve exactly that: getting objects an account has permissions to.

The syntax is basically the same as for checking permissions, but introduces two new special characters: $ and ?. You perform a normal check, but you can swap a single part of the query with ?. This means “give me all that can stand there”. For example:

The permission nas:timeCapsule,fritzbox:read can be queried with nas:? which will return ['timeCapsule', 'fritzbox']. In the same manner, nas:?:write would return a list with all NAS devices where the write permission is available.

$ is a special character for “any”. For example:

nas:$:? would return a list of rights the user has on any NAS device in the example above – where each is only included once. Example:

Available permissions: nas:timeCapsule:read,write, nas:fritzbox:read,reboot. The query nas:$:? would return ['read', 'write', 'reboot'].

The function for checking available permissions is .permissions(string). It returns an Array of available permission Strings. The string to check may only contain one ? character. Also note that nas:? is the same query as nas:?:$ (would return ['timeCapsule', 'fritzbox']).

API

Initialization

var shiroTrie = require('shiro-trie');

shiroTrie.newTrie(); / shiroTrie.new();

Returns a new ShiroTrie instance.

var account1 = shiroTrie.newTrie();

Instance methods

add(string[, string])

Adds a new permission. Multiple permission strings can be added at once, either as argument list or as array. Even multiple array may be used as arguments. Returns the same instance for chaining.

Permission strings may contain special characters :, *, , but not $ or ?.

account1.add([
  'printer:xpc5000:print',
  'printer:xpc4000:*',
  'nas:timeCapsule,fritzbox:read'
]);

check(string)

Checks if a single permission is allowed. No special characters apart from :, , and * are allowed. If the permission string contains , characters, all variants are tested and the result is only true if all permissions are allowed. Returns Boolean.

account1.check('printer:xpc4000:configure'); // true
account1.check('nas:timeCapsule:write'); // false

permissions(string)

Retrieves a list of available permissions at a certain position in the permission Trie. Expects a permission string containing ?. Additionally, the any operator $ can be used. Returns Array.

account1.permissions('printer:?'); // ['xpc5000', 'xpc4000']
account1.permissions('nas:$:?'); // ['read']

reset()

Empties the Trie and returns it. New permissions can be added using add(…) afterwards.

Tests

Tests can be executed with Mocha:

$ mocha -R spec

Current Test Coverage:

Coverage

It can be checked with istanbul:

$ istanbul cover _mocha -- -R spec

Known issues

  • add(…) and permissions(…) and one case in _check is implemented recursive which is probably not ideal

Changelog

see CHANGELOG.md

License

MIT © entrecode GmbH