search

onury / accesscontrol

Role and Attribute based Access Control for Node.js
https://onury.io/accesscontrol
MIT License
2.21k stars 178 forks source link

Allow `number` as valid type of role #93

Open vegerot opened 3 years ago

vegerot commented 3 years ago

Context:

I want to be able to define the roles in my application as a const enum in TypeScript like so

const enum ACRolesEnum {
  blocks,
  event,
  holidays,
  photos
}

const enum RoleTypes {
  User,
  Admin,
  Developer,
  Scheduler
}

roles
  .grant(RoleTypes.User)
    .readOwn(ACRolesEnum.photos)
    .readOwn(ACRolesEnum.event)
  .grant(RoleType.Developer)
    .readAny(ACRolesEnum.photos)
.lock()

Problem:

However, Typscript enums use numbers by default, and .read, .update, etc. only accept string | string[]. (and .grant also accepts IAccessInfo)

Proposal: I've read through a lot of the code that uses these roles, and I can't see any reason we couldn't also accept number | number[] as part of it.

Workaround: Use string enums instead, like

const enum ACRolesEnum {
  blocks = 'blocks',
  event = 'event',
}