Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Wrap a front-end library to control permissions for web UI elements like buttons

See original GitHub issue

Node-Casbin is only for backend Node.js applications. It can run on frontend but some functionalities like file read/write, DB access will certainly be disabled. So we need a new library for front-end only. It should be:

Can communicate with backend servers (e.g, via Node-Casbin), sync policies into browser.
Enforce the policy locally inside a browser.
Add some friendly functions especially for web, like isButtonAllowedToBeClicked().

Issue Analytics

State:
Created 3 years ago
Comments:17 (8 by maintainers)

Top GitHub Comments

2reactions

Ishaan28malikcommented, Apr 2, 2020

@hsluoyz I already mentioned this above and let me know how do you want to proceed in this further? I am ready to work upon this.

1reaction

kingiwcommented, Aug 15, 2020

CASL is similar with Node-Casbin instead of Casbin.js. The core of CASL is to set the access rules and check the permissions. To be specific, Casbin.js should provide some functionalities that the CASL support at some popular frontend library. All the management work is left for the backend server.

For Casbin.js, model configuration is transparent. What Casbin.js concerns about are the actions and the objects. It doesn’t know if the developer are using RBAC or other access-control mechanism. So I believe the core API of Casbin.js should be quite simple as follows.

Some basic API for Casbin.js enforcer are:

setUser(user : string): void. 
Set the identity of the current user.

enforce(action: string, object: string) : boolean
Check if the user (previously set) are able to apply the action on the subject.

getActions() : Array<string>
Return all the actions that the user has.

getObjects(): Array<string>
Return all the objects that related to the user.

getActionsObjects(): Map<string, Array<string>>
Return all the actions and the corresponding applicable objects.

getObjectsActions(): Map<string, Array<string>>
Return all the objects and the corresponding actions applicable on that.

This enforcer’s APIs are the cores of Casbin.js. Only after we have finished this part can we going further to design other features serving for manipulating frontend operations (like controling the permissions for web UI elements).

Top Results From Across the Web

Managing Access Control in a React App - Level Up Coding

Here the AccessControl component wraps a StatsPanel component. In this particular instance, the user has a permission to read:stats and one of the ......

How to handle permissions with Styled Components - Medium

I've searched the web for a robust way to handle permissions in the UI level in a React app, but I haven't found...

UI components | Stripe Documentation

Use Stripe's library of components to quickly build your user interface. If your app needs a frontend, use this reference documentation to compose...

How to Create and Publish a React Component Library

All code from this tutorial as a complete package is available in this repository. If you are... Tagged with webdev, react, javascript, ...

Web-based content - Android Developers

If you want to avoid leaving your app to open the browser, or if you want to customize the browser's UI, use Custom...