policy-control helps you decide whether a user is authorized to act on a resource. It makes no assumptions about your data or about how you make authorization decisions: with policy-control policies, you are in full control of how your application makes authorization decisions. Policies let you choose which action, resource, data, and rules you need to reach a decision, and the rest is taken care of.

```sh
$ yarn add policy-control
```
- A user making the request.
- A resource the user is acting on.
- The action the user is taking on the resource.
- A policy is defined for specific resources and actions; when evaluated, it processes its rules to determine whether the action is allowed.
- A rule can load data and evaluates to a boolean.
- A loader loads data into the decision context, where it can be used to evaluate rules.
- The context is the data store that loaders write to and rules read from. It can also be primed and cleared as needed.
- A decider evaluates a set of policies and reduces them to an authorization decision.
- An authorization decision returns a permission response: Allow, Deny, or Indeterminate.
Each authorization decision follows the same flow and can be demonstrated by a simple authorized GET request:
- Alice does GET on /post/123.
- The API receives the call and authenticates Alice.
- The API asks policy-control for a decision: is Alice authorized to read post 123?
- policy-control finds and applies any policies for reading posts.
- Each policy loads the attributes it needs, evaluates its rules, and returns a decision.
- The policy decisions are reduced to a final authorization decision (Allow, Deny, or Indeterminate).
- If the decision is Allow, the request continues; otherwise an authorization error (401) is thrown.
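The concepts above (policy, rule, loader, context, decider, decision) and the Alice walkthrough, carried through as an added TypeScript example. This is not the policy-control package's own code or API: `Context`, `Loader`, `Rule`, `Policy`, `evaluatePolicy`, `decide` and `aliceReadsPost123` are names assumed here for illustration, the post table is constructed, and reducing the policy results deny-overrides with default deny when no policy applies is this example's choice, not a statement about the library.

```typescript
// Added example (not the policy-control package's code or API): a minimal
// implementation of the policy / rule / loader / context / decider model
// described above, run through the "Alice reads post 123" flow.
// All names are assumptions for illustration; the sample posts are constructed.

export type Decision = "Allow" | "Deny" | "Indeterminate";
export type Action = "read" | "delete";
export type AuthRequest = {
  user: { id: string };
  resource: { type: string; id: string };
  action: Action;
};

// Context: per-decision store that loaders fill and rules read.
export class Context {
  private store = new Map<string, unknown>();
  prime(key: string, value: unknown): void { this.store.set(key, value); }
  has(key: string): boolean { return this.store.has(key); }
  get<T>(key: string): T | undefined { return this.store.get(key) as T | undefined; }
  clear(): void { this.store.clear(); }
}

export type Loader = (ctx: Context, req: AuthRequest) => Promise<void>;
export type Rule = { name: string; loaders: Loader[]; test: (ctx: Context, req: AuthRequest) => boolean };
export type Policy = { resource: string; action: Action; rules: Rule[] };

// Constructed stand-in for a post database.
export type Post = { id: string; authorId: string; published: boolean };
const POSTS: Record<string, Post> = {
  "123": { id: "123", authorId: "alice", published: true },
  "456": { id: "456", authorId: "bob", published: false },
};

// Loader: fetch the post once per decision (a second rule reuses the primed value).
// Id "503" simulates an unavailable backing store (constructed failure case).
const loadPost: Loader = async (ctx, req) => {
  if (ctx.has("post")) return;
  if (req.resource.id === "503") throw new Error("post store unavailable");
  ctx.prime("post", POSTS[req.resource.id] ?? null);
};

const post = (ctx: Context): Post | null => ctx.get<Post | null>("post") ?? null;
const postExists: Rule = { name: "post-exists", loaders: [loadPost], test: (ctx) => post(ctx) !== null };
const authorOrPublished: Rule = {
  name: "author-or-published",
  loaders: [loadPost],
  test: (ctx, req) => { const p = post(ctx); return p !== null && (p.published || p.authorId === req.user.id); },
};
const isAuthor: Rule = {
  name: "is-author",
  loaders: [loadPost],
  test: (ctx, req) => post(ctx)?.authorId === req.user.id,
};

export const POLICIES: Policy[] = [
  { resource: "post", action: "read", rules: [postExists, authorOrPublished] },
  { resource: "post", action: "delete", rules: [postExists, isAuthor] },
];

// Evaluate one policy: run each rule's loaders, then the rule itself.
// A loader failure means the answer is unknown, so the policy yields
// Indeterminate rather than quietly allowing or denying.
export async function evaluatePolicy(policy: Policy, req: AuthRequest, ctx: Context): Promise<Decision> {
  for (const rule of policy.rules) {
    try {
      for (const load of rule.loaders) await load(ctx, req);
    } catch {
      return "Indeterminate";
    }
    if (!rule.test(ctx, req)) return "Deny";
  }
  return "Allow";
}

// Decider: pick the policies matching (resource, action) and reduce them
// deny-overrides. No applicable policy is treated as Deny (default deny);
// that choice is this example's, not a statement about the library.
export async function decide(policies: Policy[], req: AuthRequest): Promise<Decision> {
  const applicable = policies.filter((p) => p.resource === req.resource.type && p.action === req.action);
  if (applicable.length === 0) return "Deny";
  const ctx = new Context();
  const results: Decision[] = [];
  for (const policy of applicable) results.push(await evaluatePolicy(policy, req, ctx));
  ctx.clear();
  if (results.includes("Deny")) return "Deny";
  if (results.includes("Indeterminate")) return "Indeterminate";
  return "Allow";
}

// The README's walkthrough: Alice does GET /post/123 and the API asks for a decision.
export function aliceReadsPost123(): Promise<Decision> {
  return decide(POLICIES, { user: { id: "alice" }, resource: { type: "post", id: "123" }, action: "read" });
}
```

Two points the walkthrough implies but does not spell out: the loader runs once per decision because the second rule finds the value already primed in the context, and a loader failure surfaces as Indeterminate rather than Allow, so the API layer must treat Indeterminate exactly like Deny when it decides whether to continue the request.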
Below are several examples intended to help you see how policy-control can be used in your project:
- Flexible policies
- Simple API - no "extras"
- Efficient data fetching
- Very lightweight
- Extensible
- TypeScript support
- User/Resource/Action policies
- Async data loading built-in