Monday, 15 June 2015

mongodb - design pattern with rule engine and node.js to handle permissions -




I have a requirement to use a rule engine to implement role permissions in a system (overkill?). The permissions are kind of complicated and complex in themselves. I got confused about how to grant access or not using a rule engine.

I have doubts about the design I should use in order to implement this in a scalable and maintainable way. Any help with the design, or an explanation of how to use the rule engine, would be great.

I am using nools, MongoDB and Node.js for the backend.

I was thinking of creating a rule engine instance encapsulating nools (inner-platform anti-pattern maybe?) in the bootstrap of my Node.js app, and allowing it as a global variable.

Something like:

    'use strict';

    var nools = require('nools');
    var flows = require('./rule-engine.flows');

    // A flow is a container of rules; each flow is a category of rules.
    // In the same flow I could have more specific subcategories (action groups?).
    // I'm creating a ruleengine instance that contains nools, but I'm not sure
    // if it is good practice. It may encapsulate boilerplate code
    // or straightforward operations in the future. I'm not sure about this.
    var ruleengine = function () {
        this.nools = nools;
    };

    ruleengine.prototype.getflowsession = function (flow) {
        if (this.nools.hasFlow(flow)) {
            return this.nools.getFlow(flow).getSession();
        } else {
            var fl = this.nools.flow(flow, flows[flow]);
            return fl.getSession();
        }
    };

    ruleengine.prototype.createrule = function (flow, rule) {
        if (this.nools.hasFlow(flow)) {
            // implementation to add rules to the flow
        }
    };

    ruleengine.prototype.editrule = function (flow, rule, update) {};
    ruleengine.prototype.retractrule = function (flow, rule) {};

    // Could be a global object or a cache object, but it should be a single object.
    if (!global.ruleengine) {
        var ruleengineinstance = new ruleengine();
        global.ruleengine = ruleengineinstance;
    }

    //module.exports = global.ruleengine;

rule-engine.flow:

    'use strict';

    var flowname = function (flow) {
        // Query the rules from the database or cache, then add the rules to the flow.
        // query bla bla function(results){
        // (results is the array of rule definitions returned by that query)
        for (var i = 0; i < results.length; i++)
            flow.rule(results[i].name, results[i].constraints, results[i].action);

        // Alternately, the bootstrap could create the flow,
        // and then a function could add, modify or retract rules of a specific flow.
        // Which is the better design approach? Or combine the 2 approaches?
        // Bring the rules from the database the first time, and later use the rulemodify,
        // rulecreate or rule retract functions.
    };

    // Placeholder so the export below resolves; a second category of rules goes here.
    var flowname2 = function (flow) {};

    module.exports = {
        flowname: flowname,
        // each flow is a category of rules for the system
        flowname2: flowname2
    };

How do I use this to implement permissions? Is the way to communicate between the rule engine and the external app / code through events?

These are the rules I created, a bit of a mess (at the same time, they are the ones used to create flowname, simulating cached rules or MongoDB rules).

    var results = [
        {
            name: 'userallow',
            constraints: [Object, 'obj', 'obj.systemrole === \'user\''],
            action: function (facts, session, next) {
                session.emit('event:userallow', {data: 'user allow'});
                next();
            }
        },
        {
            name: 'usernotallow',
            constraints: [Object, 'obj', 'obj.systemrole !== \'user\''],
            action: function (facts, session, next) {
                session.emit('event:usernotallow', {data: 'user not allow'});
                next();
            }
        },
        {
            name: 'adminallow',
            constraints: [Object, 'obj', 'obj.systemrole === \'admin\''],
            action: function (facts, session, next) {
                session.emit('event:adminallow', {data: 'admin allow!'});
                next();
            }
        },
        {
            name: 'adminnotallow',
            constraints: [Object, 'obj', 'obj.systemrole !== \'admin\''],
            action: function (facts, session, next) {
                session.emit('event:adminnotallow', {data: 'admin not allow'});
                next();
            }
        }
    ];

So with these few rules, I just want to grant access when user.systemrole is admin, for example. Should I use events in the following way?

x-method in the system:

    // Validate the delete with the rule engine; only an admin is supposed to be able to delete.
    var self = this;
    var session = ruleengine.getflowsession('flowname');

    session.assert({systemrole: user.role}); // user.role = 'user' || 'admin'

    session.on('event:adminallow', function (d) {
        console.log('do job because user admin');
        // delete implementation.
    });

    session.on('event:adminnotallow', function (d) {
        console.log('user not allow because not admin');
    });

    session.on('fire', function (name) {
        console.log(name);
    });

    session.match().then(function () {
        session.dispose();
    });

So far I have some problems with this implementation: events can fire more than once, and I can't allow them to fire twice on a delete operation or a create operation or things like that.

So besides that error, which I need to fix (I'm not sure how).

Edit:

I commented out the last next() of my rules, and after that the events are fired once. I have other doubts:

Are there good practices broken, or anti-patterns? Is this scalable and easy to maintain? Is this the normal way of working with rule engines? What are the pros and cons of this implementation? Is there a better way?

Thanks in advance for your help.

Are you committed to using nools? If not, there is a much simpler (IMHO) alternative for creating an access control system using node_acl.

The access control system is based on three things: roles, resources and permissions. You define roles and resources, and set the permissions of each role on each resource. For instance, you have the role "admin" and set the permission "can modify" on the resource "system configuration". Then you just need to assign users to roles as needed.

I am happy to provide sample code if you can check out the tutorial I wrote on creating an access control system with Node.js.
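The role / resource / permission model described in the answer, as an added example that is not part of the original posts and is not node_acl's own API: a small in-memory model in plain Node.js that denies by default and returns a single decision per check, so a delete can never be triggered twice the way the paired allow / not-allow events could. The class name `AccessControl`, its methods, and the sample users are hypothetical.

```javascript
'use strict';

// Minimal role / resource / permission model (hypothetical names throughout).
class AccessControl {
  constructor() {
    this.grants = new Map();    // role   -> Map(resource -> Set(permission))
    this.userRoles = new Map(); // userId -> Set(role)
  }

  // Grant one or more permissions on a resource to a role.
  allow(role, resource, permissions) {
    if (!this.grants.has(role)) this.grants.set(role, new Map());
    const byResource = this.grants.get(role);
    if (!byResource.has(resource)) byResource.set(resource, new Set());
    for (const p of [].concat(permissions)) byResource.get(resource).add(p);
  }

  addUserRoles(userId, roles) {
    if (!this.userRoles.has(userId)) this.userRoles.set(userId, new Set());
    for (const r of [].concat(roles)) this.userRoles.get(userId).add(r);
  }

  // Deny by default: unknown users, roles, resources and permissions all
  // yield false. One boolean per check, so nothing can fire twice.
  isAllowed(userId, resource, permission) {
    const roles = this.userRoles.get(userId) || new Set();
    for (const role of roles) {
      const perms = (this.grants.get(role) || new Map()).get(resource);
      if (perms && perms.has(permission)) return true;
    }
    return false;
  }

  // Run the protected operation once if permitted, otherwise throw.
  guard(userId, resource, permission, operation) {
    if (!this.isAllowed(userId, resource, permission)) {
      throw new Error('forbidden: ' + permission + ' on ' + resource);
    }
    return operation();
  }
}

// Constructed sample policy and users.
const acl = new AccessControl();
acl.allow('admin', 'system-configuration', ['view', 'modify', 'delete']);
acl.allow('user', 'system-configuration', 'view');
acl.addUserRoles('alice', 'admin');
acl.addUserRoles('bob', 'user');
```

Wrap the delete implementation in `acl.guard(userId, 'system-configuration', 'delete', fn)` so the check and the operation happen in one place.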

node.js mongodb events rule-engine nools
