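User permission management for Node.js projects
Permission management is a common component of management systems. It usually involves defining resources, assigning those resources to users, and checking whether a user has permission to create, delete, update or read them.
ACL: Access Control List, a fairly popular design. It is implemented by tying users directly to permissions.
RBAC: Role Based Access Control, another approach. It extracts a role object, binds users to roles, and lets roles map to permissions; users and permissions have no direct association, which makes complex systems easier to manage.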
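The user-to-role-to-permission indirection described above, as an added example that is not taken from any of the libraries listed on this page. All role, permission and user names are constructed, and the helper names `permissionsOfRole`, `can` and `grant` are hypothetical.

```javascript
// Added example: minimal hierarchical RBAC. Every role, permission and user name is constructed.
// Role -> permissions granted directly, plus the roles it inherits from.
const roles = new Map([
  ['viewer', { grants: new Set(['article:read']), inherits: [] }],
  ['editor', { grants: new Set(['article:create', 'article:update']), inherits: ['viewer'] }],
  ['admin', { grants: new Set(['article:delete', 'user:manage']), inherits: ['editor'] }],
]);

// User -> roles. Users are never given permissions directly.
const userRoles = new Map([
  ['alice', ['admin']],
  ['bob', ['editor']],
  ['carol', ['viewer']],
  ['mallory', ['ghost']], // refers to a role that is not defined
]);

// Collect every permission reachable from a role, following inheritance.
// `seen` stops a cyclic role definition from recursing forever.
function permissionsOfRole(name, seen = new Set()) {
  const perms = new Set();
  const role = roles.get(name);
  if (!role || seen.has(name)) return perms; // undefined role or already visited
  seen.add(name);
  for (const p of role.grants) perms.add(p);
  for (const parent of role.inherits) {
    for (const p of permissionsOfRole(parent, seen)) perms.add(p);
  }
  return perms;
}

// Deny by default: unknown users, undefined roles and unlisted permissions all fail.
function can(user, permission) {
  const assigned = userRoles.get(user) || [];
  return assigned.some((r) => permissionsOfRole(r).has(permission));
}

// Changing one role changes access for every user bound to it, directly or by inheritance.
function grant(roleName, permission) {
  const role = roles.get(roleName);
  if (!role) throw new Error(`unknown role: ${roleName}`);
  role.grants.add(permission);
}

console.log(can('bob', 'article:read'), can('bob', 'article:delete'));
```

Using `Map` rather than a plain object keeps lookups such as `can('constructor', ...)` from resolving to inherited prototype properties.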
RBAC
Resources
Node implementations
Source: this article
https://github.com/seeden/rbac
Hierarchical Role Based Access Control for NodeJS
https://github.com/djvirgen/virgen-acl
Simple and elegant, create your own checks. No middleware?
https://github.com/OptimalBits/node_acl
Use as middleware, create your own roles and access. Great choice.
https://github.com/tschaub/authorized
Similar to connect roles… but a bit more robust? You can create roles and actions, and associate many roles with an action.
https://github.com/scottkf/ability-js
Like CanCan for Rails. This is a traditional controller / function type permission system. May be too abstract.
https://github.com/dresende/node-roles
More traditional setRole() hasRole() based checking. Last activity 2 years ago.
https://github.com/carlos8f/node-relations
Natural language style roles. Looks very promising and is in active development.
https://github.com/ForbesLindesay/connect-roles
Simple and closer to action / natural language based. Requires writing your own checks for each.
https://github.com/ajlopez/SimplePermissions
Maybe too simple? Makes sense for assigning roles, but then it's hard to check against roles!
https://npmjs.org/package/entitlement
Not ideal, but here for reference's sake.
Mongoose Field Access Control
https://github.com/codedoctor/mongoose-plugins-accessible-by
Set access per field of mongoose Schema. Not supported or maintained, and noted as not a perfect fit in all cases… but worth considering as a simple way to control access to fields.