Access

Defined in: src/core/Access.ts:25

Represents the inner Access class that helps build an access information to be granted or denied; and finally commits it to the underlying grants model. You can get a first instance of this class by calling AccessControl#grant() or AccessControl#deny() methods.

Accessors

denied

Get Signature

get denied(): boolean

Defined in: src/core/Access.ts:101

Specifies whether this access is initially denied.

Returns

boolean

Methods

role()

role(value): Access

Defined in: src/core/Access.ts:114

A chainer method that sets the role(s) for this Access instance.

Parameters

value

string | string[]

A single or array of roles.

Returns

Access

• Self instance of Access.

---

resource()

resource(value): Access

Defined in: src/core/Access.ts:128

A chainer method that sets the resource for this Access instance.

Parameters

value

string | string[]

Target resource for this Access instance.

Returns

Access

• Self instance of Access.

---

attributes()

attributes(value): Access

Defined in: src/core/Access.ts:140

Sets the array of allowed attributes for this Access instance.

Parameters

value

string | string[]

Attributes to be set.

Returns

Access

• Self instance of Access.

---

where()

where(condition): Access

Defined in: src/core/Access.ts:159

Attaches a declarative condition to this grant — whether the grant applies at check time. Accepts the string-sugar form ('$.order.value > 100000') or canonical JSON ({ and|or|not } / [lhs, op, rhs]); it is compiled and validated when committed. Pairs with the attribute list (['*','!password']), which decides what fields return.

Parameters

condition

ConditionJSON

The condition (string sugar or canonical JSON).

Returns

Access

• Self instance of Access.

Example

ac.grant('manager')
  .where('$.order.value > 100000')
  .updateAny('order', ['*']);

---

extend()

extend(roles): Access

Defined in: src/core/Access.ts:176

Sets the roles to be extended (inherited) for this Access instance.

Parameters

roles

string | string[]

A single or array of roles.

Returns

Access

• Self instance of Access.

Example

ac.grant('user').createAny('video')
  .grant('admin').extend('user');
const permission = ac.can('admin').createAny('video');
console.log(permission.granted); // true

---

grant()

grant(roleOrInfo?): Access

Defined in: src/core/Access.ts:190

Shorthand to switch to a new Access instance with a different role within the method chain.

Parameters

roleOrInfo?

string | string[] | IAccessInfo

Either a single or an array of roles or an

Returns

Access

• A new Access instance.

Example

ac.grant('user').createOwn('video')
  .grant('admin').updateAny('video');

---

deny()

deny(roleOrInfo?): Access

Defined in: src/core/Access.ts:203

Shorthand to switch to a new Access instance with a different (or same) role within the method chain.

Parameters

roleOrInfo?

string | string[] | IAccessInfo

Either a single or an array of roles or an

Returns

Access

• A new Access instance.

Example

ac.grant('admin').createAny('video')
  .deny('user').deleteAny('video');

---

lock()

lock(): Access

Defined in: src/core/Access.ts:210

Chainable, convenience shortcut for AccessControl#lock().

Returns

Access

---

action()

action(actionSpec, resource?, attributes?): Access

Defined in: src/core/Access.ts:229

Generic authoring entry for any action — CRUD or custom. The CRUD methods (createAny, updateOwn, …) are named sugar over this same commit path. actionSpec may carry possession via the :own/:any convention (omit ⇒ any).

Parameters

actionSpec

string

Action name, optionally name:own/name:any.

resource?

string | string[]

Target resource(s).

attributes?

string | string[]

Granted attributes (defaults per grant/deny).

Returns

Access

• Self instance of Access.

Example

ac.grant('editor').action('publish', 'article', ['*']);      // publish:any
ac.grant('author').action('publish:own', 'article', ['*']);  // ownership-gated

---

do()

do(actionSpec, resource?, attributes?): Access

Defined in: src/core/Access.ts:243

The single sanctioned alias of Access#action — the one intentional exception to the v3 alias purge. Generic: CRUD and custom.

Parameters

actionSpec

string

Action name, optionally name:own/name:any.

resource?

string | string[]

Target resource(s).

attributes?

string | string[]

Granted attributes.

Returns

Access

• Self instance of Access.

---

createOwn()

createOwn(resource?, attributes?): Access

Defined in: src/core/Access.ts:266

Sets the action to "create" and possession to "own" and commits the current access instance to the underlying grant model.

Parameters

resource?

string | string[]

Defines the target resource this access is granted or denied for. This is only optional if the resource is previously defined. If not defined and omitted, this will throw.

attributes?

string | string[]

Defines the resource attributes for which the access is granted for. If access is denied previously by calling .deny() thiswill default to an empty array (which means no attributes allowed). Otherwise (if granted before via .grant()) this will default to ["*"] (which means all attributes allowed.)

Returns

Access

• Self instance of Access so that you can chain and define another access instance to be committed.

Throws

• If the access instance to be committed has any invalid data.

---

createAny()

createAny(resource?, attributes?): Access

Defined in: src/core/Access.ts:289

Sets the action to "create" and possession to "any" and commits the current access instance to the underlying grant model.

Parameters

resource?

string | string[]

Defines the target resource this access is granted or denied for. This is only optional if the resource is previously defined. If not defined and omitted, this will throw.

attributes?

string | string[]

Defines the resource attributes for which the access is granted for. If access is denied previously by calling .deny() this will default to an empty array (which means no attributes allowed). Otherwise (if granted before via .grant()) this will default to ["*"] (which means all attributes allowed.)

Returns

Access

• Self instance of Access so that you can chain and define another access instance to be committed.

Throws

• If the access instance to be committed has any invalid data.

---

readOwn()

readOwn(resource?, attributes?): Access

Defined in: src/core/Access.ts:319

Sets the action to "read" and possession to "own" and commits the current access instance to the underlying grant model.

Parameters

resource?

string | string[]

Defines the target resource this access is granted or denied for. This is only optional if the resource is previously defined. If not defined and omitted, this will throw.

attributes?

string | string[]

Defines the resource attributes for which the access is granted for. If access is denied previously by calling .deny() this will default to an empty array (which means no attributes allowed). Otherwise (if granted before via .grant()) this will default to ["*"] (which means all attributes allowed.)

Returns

Access

• Self instance of Access so that you can chain and define another access instance to be committed.

Throws

• If the access instance to be committed has any invalid data.

---

readAny()

readAny(resource?, attributes?): Access

Defined in: src/core/Access.ts:342

Sets the action to "read" and possession to "any" and commits the current access instance to the underlying grant model.

Parameters

resource?

string | string[]

Defines the target resource this access is granted or denied for. This is only optional if the resource is previously defined. If not defined and omitted, this will throw.

attributes?

string | string[]

Defines the resource attributes for which the access is granted for. If access is denied previously by calling .deny() this will default to an empty array (which means no attributes allowed). Otherwise (if granted before via .grant()) this will default to ["*"] (which means all attributes allowed.)

Returns

Access

• Self instance of Access so that you can chain and define another access instance to be committed.

Throws

• If the access instance to be committed has any invalid data.

---

updateOwn()

updateOwn(resource?, attributes?): Access

Defined in: src/core/Access.ts:372

Sets the action to "update" and possession to "own" and commits the current access instance to the underlying grant model.

Parameters

resource?

string | string[]

Defines the target resource this access is granted or denied for. This is only optional if the resource is previously defined. If not defined and omitted, this will throw.

attributes?

string | string[]

Defines the resource attributes for which the access is granted for. If access is denied previously by calling .deny() this will default to an empty array (which means no attributes allowed). Otherwise (if granted before via .grant()) this will default to ["*"] (which means all attributes allowed.)

Returns

Access

• Self instance of Access so that you can chain and define another access instance to be committed.

Throws

• If the access instance to be committed has any invalid data.

---

updateAny()

updateAny(resource?, attributes?): Access

Defined in: src/core/Access.ts:395

Sets the action to "update" and possession to "any" and commits the current access instance to the underlying grant model.

Parameters

resource?

string | string[]

Defines the target resource this access is granted or denied for. This is only optional if the resource is previously defined. If not defined and omitted, this will throw.

attributes?

string | string[]

Defines the resource attributes for which the access is granted for. If access is denied previously by calling .deny() this will default to an empty array (which means no attributes allowed). Otherwise (if granted before via .grant()) this will default to ["*"] (which means all attributes allowed.)

Returns

Access

• Self instance of Access so that you can chain and define another access instance to be committed.

Throws

• If the access instance to be committed has any invalid data.

---

deleteOwn()

deleteOwn(resource?, attributes?): Access

Defined in: src/core/Access.ts:425

Sets the action to "delete" and possession to "own" and commits the current access instance to the underlying grant model.

Parameters

resource?

string | string[]

Defines the target resource this access is granted or denied for. This is only optional if the resource is previously defined. If not defined and omitted, this will throw.

attributes?

string | string[]

Defines the resource attributes for which the access is granted for. If access is denied previously by calling .deny() this will default to an empty array (which means no attributes allowed). Otherwise (if granted before via .grant()) this will default to ["*"] (which means all attributes allowed.)

Returns

Access

• Self instance of Access so that you can chain and define another access instance to be committed.

Throws

• If the access instance to be committed has any invalid data.

---

deleteAny()

deleteAny(resource?, attributes?): Access

Defined in: src/core/Access.ts:448

Sets the action to "delete" and possession to "any" and commits the current access instance to the underlying grant model.

Parameters

resource?

string | string[]

Defines the target resource this access is granted or denied for. This is only optional if the resource is previously defined. If not defined and omitted, this will throw.

attributes?

string | string[]

Defines the resource attributes for which the access is granted for. If access is denied previously by calling .deny() this will default to an empty array (which means no attributes allowed). Otherwise (if granted before via .grant()) this will default to ["*"] (which means all attributes allowed.)

Returns

Access

• Self instance of Access so that you can chain and define another access instance to be committed.

Throws

• If the access instance to be committed has any invalid data.