Merge pull request #1 from digitalsadhu/permissions_hierarchy

Permissions hierarchy

README.md

@@ -6,7 +6,7 @@ This is a rewrite of the original incomplete V1 version of admittance. I decided
 
 Admittance now reads permissions from plain old javascript objects. This, I think helps to keep the module doing just one thing. To load data you just need create javascript objects and store them somewhere. You could simply require a json file and load it. This also makes it very easy to work with a nosql db. Just get and set your permissions to the db.
 
-## Usage
+## Basic usage
 
 ```js
 var admittance = require('admittance')
@@ -23,6 +23,27 @@ admittance(2).is('admin') //false!
 
 ```
 
+## Permission hierarchy usage
+
+```js
+var permissions = {
+  'admin': ['subscriber', 'editor'], //any userid assigned admin will also pass a subscriber or editor check
+  'editor': 'blogger', //any userid assigned editor will also pass a blogger check
+  1: 'admin'
+}
+
+```
+
+```js
+admittance(1).is('admin') //true
+
+admittance(1).is('subscriber') //true
+
+admittance(1).is('editor') //true
+
+admittance(1).is('blogger') //true
+```
+
 ## Permissions format
 
 Admittance expects a simple map from userids to permissions. Permissions are strings or array of strings. The strings are simply permission names that make sense for your application context.
@@ -37,31 +58,18 @@ var permissions = {
 }
 ```
 
-## Tests
-
-```
-npm test
-```
-
-## Next steps
-
-The permissions format needs to accept parent/child entries, and admittance checking needs to then handle those changes eg:
+You can define nested hierarchies as well
 
 ```js
 var permissions = {
   'admin': ['subscriber', 'editor'], //any userid assigned admin will also pass a subscriber or editor check
   'editor': 'blogger', //any userid assigned editor will also pass a blogger check
   1: 'admin'
 }
-
 ```
 
-```js
-admittance(1).is('admin') //true
-
-admittance(1).is('subscriber') //true
-
-admittance(1).is('editor') //true
+## Tests
 
-admittance(1).is('blogger') //true
+```js
+npm test
 ```

admittance.js

@@ -4,14 +4,81 @@ var util = require('util')
 
 var permissions = {}
 
+var getDirectChildren = function (parent) {
+
+  var perm = permissions[parent]
+
+  if (typeof perm === 'undefined' || perm === null) perm = []
+
+  if (!util.isArray(perm)) perm = [perm]
+
+  return perm
+}
+
+var getUserPermissions = function (userid) {
+
+  return getDirectChildren(userid)
+
+}
+
+var getDirectPermissionChildren = function (parentPermission) {
+
+  return getDirectChildren(parentPermission)
+
+}
+
+var getAllChildren = function (parentPermission) {
+
+  var directChildren = getDirectPermissionChildren(parentPermission)
+
+  if (directChildren.length === 0) return []
+
+  var childrensChildren = directChildren.reduce(
+    function (prevDirectChild, currDirectChild) {
+      return prevDirectChild.concat(getAllChildren(currDirectChild))
+    },
+    []
+  )
+
+  return directChildren.concat(childrensChildren)
+
+}
+
+var checkIsParent = function (parentPermission, childPermission) {
+
+  if (parentPermission === childPermission)
+    return false
+
+  var children = getAllChildren(parentPermission)
+
+  for (var i = 0; i < children.length; i++) {
+    if (children[i] === childPermission)
+      return true
+  }
+
+  return false
+}
+
+var checkAccess = function (userid, permission) {
+
+  var userPermissions = getUserPermissions(userid)
+
+  for (var i = 0; i < userPermissions.length; i++) {
+
+    if (userPermissions[i] === permission)
+      return true
+
+    if (checkIsParent(userPermissions[i], permission))
+      return true
+  }
+
+  return false
+}
+
 var admittance = function (userid) {
   return {
     is: function (permission) {
-
-      if (util.isArray(permissions[userid]))
-        if (permissions[userid].indexOf(permission) !== -1) return true
-
-      return permissions[userid] === permission
+      return checkAccess(userid, permission)
     }
   }
 }

package.json

@@ -9,8 +9,8 @@
     "coveralls": "./scripts/coveralls.sh"
   },
   "repository": {
-    "type" : "git",
-    "url" : "[email protected]:digitalsadhu/admittance.git"
+    "type": "git",
+    "url": "[email protected]:digitalsadhu/admittance.git"
   },
   "keywords": [
     "rbac",
@@ -24,14 +24,17 @@
   "contributors": [],
   "homepage": "https://github.com/digitalsadhu/admittance",
   "dependencies": {},
-  "engines": { "node" : ">=0.6 <0.12" },
+  "engines": {
+    "node": ">=0.6 <0.12"
+  },
   "author": "Richard Walker <[email protected]>",
   "license": "MIT",
   "devDependencies": {
     "mocha": "1.12.0",
     "chai": "1.7.2",
     "jshint": "~2.4.4",
     "istanbul": "~0.2.6",
-    "coveralls": "~2.8.0"
+    "coveralls": "~2.8.0",
+    "rewire": "~2.0.0"
   }
 }