pundit 
Minimal authorization through a plain old JavaScript object, ported to JS from the Ruby gem. Fits nicely into any app/framework including Express, Micro, React, Vue, Graphql, etc.
Installation
npm install --save punditUsage
In order to use Pundit, you can initialize a policy by passing an object of functions. These functions are called actions. Actions typically map to routes in your application.
A policy accepts a user, often the current user of your session, and the resource you wish to authorize against.
const pundit = require('pundit')
const PostPolicy = pundit({
edit: (user, record) => user.id === record.id,
destroy: (user) => user.isAdmin()
})
const policy = new PostPolicy(user, record)
policy.edit()
policy.destroy()Using with Express
TODOUsing with Graphql
In Graphql land, you can authorize returned objects using Pundit in the resolve callback of the query.
TODOUsing with React
You can also expose UI elements when the current user is authorized using the When component.
It is recommended to wrap When with your own Component that automatically defines the user and policy for the resource.
<When
user={currentUser}
can='edit'
resource={post}
policy={policy}
>
<EditButton />
</When>License
MIT
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
Crafted with <3 by John Otander (@4lpine).
This package was initially generated with yeoman and the p generator.