2020-10-02
1124
#node
Godwin Ekuma
26047
Oct 2, 2020 â‹… 4 min read

How to use AccessControl for RBAC and ABAC in Node.js

Godwin Ekuma I learn so that I can solve problems.

Recent posts:

CSS typography in white on a vibrant red geometric background. Article will focus on the CSS backdrop-filter property and its various functions, including blur, grayscale, brightness, and drop-shadow.

How to use the CSS backdrop-filter property

Backdrop and background have similar meanings, as they both refer to the area behind something. The main difference is that […]

Oscar Jite-Orimiono
Oct 4, 2024 â‹… 10 min read
6 AI Tools For API Testing And Development

6 AI tools for API testing and development

AI tools like IBM API Connect and Postbot can streamline writing and executing API tests and guard against AI hallucinations or other complications.

Frank Joseph
Oct 3, 2024 â‹… 12 min read
Patterns For Efficient DOM Manipulation With Vanilla JavaScript

Patterns for efficient DOM manipulation with vanilla JavaScript

Explore DOM manipulation patterns in JavaScript, such as choosing the right querySelector, caching elements, improving event handling, and more.

Joe Attardi
Oct 2, 2024 â‹… 8 min read
Integrating Chrome's New `Window.ai` API In A Vue App

Integrating AI features in Vue using Chrome’s `window.ai` API

`window.ai` integrates AI capabilities directly into the browser for more sophisticated client-side functionality without relying heavily on server-side processing.

Emmanuel John
Oct 1, 2024 â‹… 10 min read
View all posts

2 Replies to "How to use AccessControl for RBAC and ABAC in Node.js"

  1. I’m glad I found this, thanks Godwin!

    Few comments/questions:
    – AccessControl was last published in February 2018. Is it still active?
    – I was confused until I realized that “post” was a resource and not a route or http method. It would be less confusing if the example resource was “article” or “video.”
    – At the beginning it states “A user can have multiple roles” but the example with Express contains “ac.can(req.user.role).readAny(‘post’)”. Can req.user.role be an array of roles?
    – There is a JSON typo: ‘read:any’: [‘*’, ‘!id]

Leave a Reply