V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
timqian
V2EX  ›  程序员

一种尝试: 用 matrix 来定义项目的 ACL

  •  
  •   timqian ·
    timqian · 2018-02-06 14:35:03 +08:00 · 1671 次点击
    这是一个创建于 2490 天前的主题,其中的信息可能已经有所发展或是发生改变。

    因为最近做的项目需要对一些资源做简单的权限管理。老项目用的是 node_acl。功能比较全,但是对于简单的 acl 也需要连数据库。于是就在想可不可以把 ACL 搞的简单一点。

    对于简单的 ACL,表达的是 role 是否被 allow 对一个 resource 做某个操作。

    这其实可以使用一个三维矩阵来: 行代表 role 列代表 resource 第三维代表权限。

    于是做了这个小库: acl-matrix

    下面复制了下 readme, 欢迎讨论

    Usage

    1. Install
    npm install acl-matrix
    
    1. Require it
    const AclMatrix = require('acl-matrix');
    
    const roles = ['admin', 'member', 'guest'];
    const resources = ['blog', 'comment'];
    const allows = ['get', 'add', 'update', 'delete'];
    
    // Each element in matrix stores the permissions of a role to a resource.
    const matrix = [
        //   admin        member         guest
        [[1, 1, 1, 1], [1, 0, 1, 1], [1, 0, 0, 0]], // blog
        [[1, 1, 1, 1], [1, 1, 1, 1], [1, 1, 1, 0]], // comment
    ];
    
    const acl = new AclMatrix(roles, resources, allows, matrix);
    
    // 0
    acl.isAllowed('member', 'blog', 'add');
    
    // 1
    acl.isAllowed('member', 'blog', 'get');
    

    Concepts

    • roles are the types of user trying to access resources
    • allows describes the oprations user will need to do
    • matrix describes the allows relation between roles and resources;
    • third dimension of the matrix is an array of 0 and 1s, the length of array should equal to allows's. This array describes the permissions.

    For example: in the above sample code, matrix[0][2] ([1, 0, 0, 0]) means the guest role is able to 'get' the 'blog' resource, but not others.

    Parameter limits

    • Row number of matrix should eauql to resources length;
    • Collum number of matrix should eauql to role length;
    • Element number of matrix should eauql to allows length;

    Pros and Cons

    Pros

    node_acl is good, but it acquires database to store the acls. And it is relatively hard to mantain and update acl using node_acl.

    Benefits of using acl-matrix:

    1. Three dimensional matrix is the simplest way to store acl;
    2. Simple to config and simple for future change;
    3. No dependency, acl matrix can be easily shared between frontend and backend;
    4. Performance: no database needed, checking permissions is justing reading elemet in array

    Cons

    1. By using node_acl you are able to save relations between users and roles. You will need to store the role of the user youself using acl-matrix
    2. By default, permissions of each roles are fixed, which is suitable for most projects. But if you want to allow user define the acl, you will need to store multiple acl matrices

    TODOs

    Add more method for the class maybe?

    1 条回复    2018-02-06 21:00:52 +08:00
    xx19941215
        1
    xx19941215  
       2018-02-06 21:00:52 +08:00
    有意思 学的矩阵都忘了。。很难想到这 楼主是数学系转的计算机吗
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1214 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 18:04 · PVG 02:04 · LAX 10:04 · JFK 13:04
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.