JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 221
  • Score
    100M100P100Q86935F

Identity client

Package Exports

  • identity

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (identity) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Actionhero Identity initializer

  • be sure to enable the plugin within actionhero (config/api.js)
  • you will need to add the identity package (npm install identity --save) to your package.json

configure your identity connection via config/identity.js

Every identity client has an id and secret to authenticate the application. Additionally every application has multiple roles, entities and values. An identity user can have multiple roles and every role could have multiple entities attached to it.

E.g. you have an issue tracking application. There are multiple projects and you'd like to grant User X only access to certain projects. Project is the entity and every project in your application is a value.

      entities:{
        project:{
          name: 'Project',
          model: 'Project' //Define your OpenRecord model here to automatically sync all values
        }
      }

To attach Project A and B to User X, create a role "User" first and attach the entity Project to it

      roles: {      
        user:{
          name: 'User',
          entities: [{
            id: 'project',
            allow_multiple: true,
            allow_blank: false
          }]
        }
      }

Now you could grant User X permissions to Project A and B via the admin web interface of identity.

OpenRecord permission plugin

New method permission in the definition scope 

this.permission({
  admin: true, //allowes everything for the admin role
  
  user:{
    find: function(){
      this.where({id: this.context.getValues('project')}); //Allowes the user role to only find specified projects
    },
    
    fields: {
      all: 'find', //allow all fields, except turnover and probaility_rate
      turnover: false,
      probaility_rate: false
    }
  },
  
  lead:{
    fields:{ //Allow the lead role to see all fields of all specified projects
      all: function(r){ return this.context.hasValue('project', r.id, 'lead'); }
    }
  }
});

SpecHelper

Global object test has the following methods: test.action(name[, params, connectionParams], callback) test.loginAs(username).action(name, params, callback) test.insufficientPermissions(callback)

e.g. to test for insufficient permissions:

  it('"projects:destroy" should fail', function(done){    
    test.loginAs('user').action('projects:destroy', {id: 1}, test.insufficientPermissions(done));
  });