mangomodel-security

Security methods for mangomodel

npm install mangomodel-security
2 downloads in the last month

MangoModel-Security

MangoModel-Security provides some simple security utility methods for the MangoModel MongoDB wrapper.

Installing

To install, use NPM:

 npm install mangomodel-security
`

Using

To add the MongoModel-Security functionality to a MangoModel model, do the following:


var MangoModel = require('mangomodel'),
    MangoModelSecurity = require('mangomodel-security'),
    ExampleModel = MangoModel.create('example');

ExampleModel.methods(MangoModelSecurity({
    // permission go here.. ie

    user: {
        read: ['name', 'description'],
        write: ['name']
    },

    manager: {
        includes: 'user', // include all the permissions of user
        read: ['secret_stuff'],
        write: ['description', 'secret_stuff']
    }

}));

Once this has been done, you can call the utility methods on the MangoModel object. Ie:


var record = {name: 'John Doe', description: 'A regular guy', secret_stuff: 'Likes brussel sprouts'};

// Return a copy of the record with fields a user should see
ExampleModel.restrict(record, 'user'); // Return name and description

// Get a copy of the record with only fields permissible by a user updated
ExampleModel.mix(record, { name: 'John Dean', description: 'Better than regular'}, 'user'); // Only updates name

ExampleModel.mix(record, { name: 'John Dean', description: 'Better than regular'}, 'manager'); // Update all
npm loves you