User permission management systems used in Node.js projects

jopen, 9 years ago
 

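Permission management is a common component of management systems. It usually means defining resources, assigning those resources to users, and then checking whether a user has permission to create, delete, update or read them.

ACL: Access Control List, a fairly popular design. It is implemented by linking users to permissions.

RBAC: Role-Based Access Control, another way to approach the problem. It introduces a role object: users are bound to roles and roles map to permissions, so users and permissions are not directly linked, which makes complex systems easier to manage.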
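The two models described above, side by side, as an added example that is not from the original post or from any of the libraries listed below. The users, role names and permission strings are constructed, and the RBAC half goes one step further than the text by adding role inheritance (hierarchical RBAC).

```javascript
// Added illustration; every user, role and permission name here is hypothetical.

// ACL: each user is linked straight to a set of permissions.
// Maps are used instead of plain objects so that a user name such as
// "constructor" or "__proto__" can never resolve to an inherited property.
const acl = new Map([
  ['alice', new Set(['article:read', 'article:update'])],
  ['bob', new Set(['article:read'])],
]);

function aclCan(user, permission) {
  const grants = acl.get(user);
  return grants !== undefined && grants.has(permission); // unknown user: deny
}

// RBAC: users are bound to roles, roles carry permissions and may inherit.
const roles = new Map([
  ['viewer', { permissions: ['article:read'], inherits: [] }],
  ['editor', { permissions: ['article:create', 'article:update'], inherits: ['viewer'] }],
  ['admin', { permissions: ['article:delete'], inherits: ['editor'] }],
]);
const userRoles = new Map([
  ['alice', ['editor']],
  ['bob', ['viewer']],
]);

// Collect a role's own permissions plus everything it inherits.
// `seen` stops the walk if two roles inherit from each other.
function effectivePermissions(roleName, seen = new Set()) {
  const result = new Set();
  if (seen.has(roleName)) return result;
  seen.add(roleName);
  const role = roles.get(roleName);
  if (!role) return result; // unknown role grants nothing
  role.permissions.forEach((p) => result.add(p));
  for (const parent of role.inherits) {
    effectivePermissions(parent, seen).forEach((p) => result.add(p));
  }
  return result;
}

// Deny by default: no role assignment or no matching permission means false.
function can(user, permission) {
  const assigned = userRoles.get(user) || [];
  return assigned.some((r) => effectivePermissions(r).has(permission));
}
```

With RBAC, granting `article:publish` to `editor` changes access for every editor in one place; with the ACL each user's entry has to be updated separately.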

RBAC


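References

Extended RBAC user, role and permission design

Implementing permission management with AOP: the RBAC and ACL access control models

Design and implementation of a permission management system based on the RBAC model

Node implementations

Source: this post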

https://github.com/seeden/rbac

Hierarchical Role Based Access Control for NodeJS

https://github.com/djvirgen/virgen-acl

Simple and elegant, create your own checks. No middleware?

https://github.com/OptimalBits/node_acl

Use as middleware, create your own roles and access. Great choice.

https://github.com/tschaub/authorized

Similar to connect roles… but a bit more robust? You can create roles and actions, and associate many roles with that action.

https://github.com/scottkf/ability-js

Like canCan for rails. This is a traditional controller / function type permission system. May be too abstract.

https://github.com/dresende/node-roles

More traditional setRole() hasRole() based checking. Last activity 2 years ago.

https://github.com/carlos8f/node-relations

Natural language style roles. Looks very promising and is in active development

https://github.com/ForbesLindesay/connect-roles

Simple and closer to action / natural language based. Requires writing your own checks for each.

https://github.com/ajlopez/SimplePermissions

Maybe too simple? Makes sense for assigning roles, but then it's hard to check against roles!

https://npmjs.org/package/entitlement

Not ideal but here for reference sake.

Mongoose Field Access Control

https://github.com/codedoctor/mongoose-plugins-accessible-by

Set access per field of mongoose Schema. Not supported or maintained, and noted as not a perfect fit in all cases… but worth considering as a simple way to control access to fields.