Welcome to Adonis User Policy 👋

Adonis User Policy (Authorization).
This is a trait wich adds can and canNot methods to User Model (or other class )

🏠 Homepage

Install

adonis install @mikield/adonis-user-policy

This package relies on https://github.com/mikield/adonis-true-traits which is included when installing the user policy package. You need to register its provider in `start/app.js`

const providers = [
  ...,
  '@mikield/adonis-true-traits'
]

Usage

Mix `User` model class with a `PolicyTrait` class

'use strict'
const Model = use('Model')
const PolicyTrait = use('@mikield/adonis-user-policy')
class User extends Model {
  ...
}
module.exports = mix(User).with(PolicyTrait)

If you want to create user related policy checks, for example `user.can('createPosts')` — then, for example:

Create a Policy `User.js` under `app\Policies` folder.

'use strcit'
class User {
    static createPosts(user) {
       return !user.roles.contains('create-post') //We can check a user role for example
    }
}
module.exports = Post

And attach it to `User` model.

'use strict'
const Model = use('Model')
const PolicyTrait = use('@mikield/adonis-user-policy')
class User extends Model {
  //User policy
  static get policy(){
    return 'App/Policies/User'
  }
}
module.exports = mix(User).with(PolicyTrait)

Or if you want to check access based on another model — then, for example:

Create a Policy `Post.js` under `app\Policies` folder.

'use strcit'
class Post {
    static add(user, post) { //In this case the post will be a class and not a instance
       return !user.banned //User can create a Post if it is not banned
    }
    static edit(user, post){ //In this case the post will be a instance and not a class
       return post.owner.id === user.id //Only the owner of the post can edit the post
    }
}
module.exports = Post

Next register a Policy in other `Post` model.

'use strict'
const Model = use('Model')
class Post extends Model {
  //Post policy
  static get policy(){
    return 'App/Policies/Post'
  }
}
module.exports = Post

On a User instance call `can` or `canNot` function.

Without `Post` model.

const User = use('App/Models/User')
Route.get('/test-user-policy', async () => {
  const user = await User.find(1)
  if(user.can('createPost')) {
    ...
  }
  if(user.canNot('createPost')) {
    ...
  }
})

With `Post` model.

const User = use('App/Models/User')
const Post = use('App/Models/Post')
Route.get('/test-user-policy', async () => {
  const user = await User.find(1)
  if(user.can('add', Post)){
    ...
  }
  if(user.canNot('add', Post)){
    ...
  }
})

With `Post` instance (existing Post object).

const User = use('App/Models/User')
const Post = use('App/Models/Post')
Route.get('/test-user-policy', async () => {
  const user = await User.find(1)
  const post = await Post.find(1)
  if(user.can('edit', post)) {
    ...
  }
  if(user.canNot('edit', post)) {
    ...
  }
})

Author

👤 Vladyslav Gaysyuk

Website: https://mikield.rocks
Twitter: @AdmiralMiki
Github: @mikield
LinkedIn: @mikield

🤝 Contributing

Contributions, issues and feature requests are welcome!
Feel free to check issues page. You can also take a look at the contributing guide.

Show your support

Give a ⭐️ if this project helped you!

📝 License

This README was generated with ❤️ by readme-md-generator

Welcome to Adonis User Policy 👋

🏠 Homepage

Install

This package relies on https://github.com/mikield/adonis-true-traits which is included when installing the user policy package. You need to register its provider in start/app.js

Usage

Mix User model class with a PolicyTrait class

If you want to create user related policy checks, for example user.can('createPosts') — then, for example:

Create a Policy User.js under app\Policies folder.

And attach it to User model.