2020-10-02
1124
#node
Godwin Ekuma
26047
Oct 2, 2020 â‹… 4 min read

How to use AccessControl for RBAC and ABAC in Node.js

Godwin Ekuma I learn so that I can solve problems.

Recent posts:

react view transitions and activity api tutorial

React View Transitions and Activity API tutorial: Animate an AirBnB clone

Explore the new React ViewTransition, addTransitionType, and Activity APIs by building an AirBnB clone project.

Emmanuel John
May 9, 2025 â‹… 8 min read

gRPC vs REST: Choosing the best API design approach

Compare gRPC vs REST to understand differences in performance, efficiency, and architecture for building modern APIs.

Alexander Godwin
May 9, 2025 â‹… 6 min read
Why Go wasn’t the right choice for the TypeScript compiler

Why Go wasn’t the right choice for the TypeScript compiler

The switch to Go may be a pragmatic move in the short term, but it risks alienating the very developers who built the tools that made TypeScript indispensable in the first place.

Muhammed Ali
May 8, 2025 â‹… 4 min read
how and when to use type casting in TypeScript

How and when to use type casting in TypeScript

Discover the basics and advanced use cases of type casting, how and why to use it to fix type mismatches, and gain some clarity on casting vs. assertion.

Paul Akinyemi
May 8, 2025 â‹… 14 min read
View all posts

2 Replies to "How to use AccessControl for RBAC and ABAC in Node.js"

  1. I’m glad I found this, thanks Godwin!

    Few comments/questions:
    – AccessControl was last published in February 2018. Is it still active?
    – I was confused until I realized that “post” was a resource and not a route or http method. It would be less confusing if the example resource was “article” or “video.”
    – At the beginning it states “A user can have multiple roles” but the example with Express contains “ac.can(req.user.role).readAny(‘post’)”. Can req.user.role be an array of roles?
    – There is a JSON typo: ‘read:any’: [‘*’, ‘!id]

Leave a Reply