/rbac-proto

Prototype: Role-Based Access Control (RBAC) in JavaScript. A foundational structure for managing user roles and permissions to secure resource access.

Primary LanguageJavaScript

RoleService Documentation

Overview

RoleService is a class-based service designed to manage user roles and control entity access. This service operates primarily in the backend, serving both as a form of middleware, and as an endpoint to handle managing roles. Its main responsibilities include granting and revoking roles from users, setting roles to access entities, and controlling the base access role required to access entities.

This service has been implemented as a prototype, focusing on clarity, simplicity, and concept illustration, with an emphasis on code structure, modularity, and readability.

Design Principle

RoleService is structured to be a linear and incremental model. The service does not modify or delete any existing records. Instead, it only appends new records, allowing for a history of role assignments and modifications to be maintained. The most recent status for a given role is inferred to be the current one, which helps in tracking and managing user roles and entity access effectively.

Middleware Nature

RoleService is intended to operate as a form of middleware in the backend of an application. It interfaces between the application’s user interface and the database, processing and responding to requests related to user roles and entity access. By serving as middleware, RoleService ensures that role-based access controls are consistently enforced across different parts of the application, providing a centralized point for managing access permissions.

Role and Entity Access Management

User Role Management

  • grantRole(userId, role): This method allows the service to grant a specified role to a user.
  • revokeRole(userId, role): This method revokes a specified role from a user.

Entity Access Role Management

  • setEntityAccessRole(entityId, roleOrUserId): This method sets a role or user ID to access a specified entity, thereby granting access either to all users with a specified role or to a specific user.
  • removeEntityAccessRole(entityId, role): This method removes a role to access a specified entity.

Scalability and Optimization

Since this is a prototype, the emphasis is on code structure, readability, and simplicity rather than optimizing for production-scale traffic. However, aspects like modularity, validation, consistent data structure, error handling, and use of constants and Enums have been considered to make the prototype robust and to illustrate the concept effectively.

Prototypal Implementation

The prototype is designed to keep logic simple, avoid over-engineering, and focus on illustrating core functionalities. Basic test cases, input validation, and error handling are implemented to validate major functionalities and prevent unexpected behaviors.