Authorization JS

This is an example of how you could create a JavaScript DSL for creating ABAC authorization policy, comparable to XACML, but much easier to read.

A basic attribute-based policy using the DSL

This policy will allow a user with a particular group to access any resource during business hours.

allow('read')
    .of(anyResource())
    .if(and(
        User.department().is(equalTo('development')),
        timeOfDay().isDuring('9:00 PST', '17:00 PST'))
    );

A basic attributed-based policy using the underlying libraries, but not using the DSL

new Policy((request)=>{
    if (request.action == 'read') {
        let start = Environment.timeStringAsUTCMillis("9:00 PST");
        let end = Environment.timeStringAsUTCMillis("17:00 PST");
        let range = new Range(start, end - start);
        if (request.principal.department == 'development' && range.isIncluded(request.environment.now)) {
            return true;
        }
    }
    return false;
})

Policy Example 2: A resource-specific policy using the DSL

This policy will allow a user with a particular group to access the "/foo" resource.

allow('read')
    .of(resourceByPath('/foo'))
    .if(User.department().is(equalTo('development')));

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Authorization JS

A basic attribute-based policy using the DSL

A basic attributed-based policy using the underlying libraries, but not using the DSL

Policy Example 2: A resource-specific policy using the DSL

Files

README.md

Latest commit

History

README.md

File metadata and controls

Authorization JS

A basic attribute-based policy using the DSL

A basic attributed-based policy using the underlying libraries, but not using the DSL

Policy Example 2: A resource-specific policy using the DSL