A type-safe permission management library for TypeScript applications.
- 🔒 Role-based access control (RBAC)
- 📝 Type-safe permission definitions
- 🔍 Nested permission support
- ✅ Runtime validation using Zod schemas
- 🚀 Simple and intuitive API
npm install puedo
# or
yarn add puedo
# or
pnpm add puedoFirst, define your permissions structure:
const permissions = {
users: {
create: false,
read: false,
update: false,
delete: false,
},
posts: {
create: false,
read: false,
update: false,
delete: false,
}
}Then create your roles with their specific permissions:
const roles = [
{
id: "admin",
permissions: {
users: {
create: true,
read: true,
update: true,
delete: true,
},
posts: {
create: true,
read: true,
update: true,
delete: true,
},
},
},
{
id: "editor",
permissions: {
users: {
read: true,
},
posts: {
create: true,
read: true,
update: true,
},
},
},
];Initialize Puedo with your permissions and roles:
const puedo = new Puedo({
accessorKey: "role", // The key to look for in your user object
roles,
permissions
});Check permissions in your application:
const user = { role: "admin" };
const canCreatePost = puedo.can(user, "posts.create"); // true
const canDeleteUser = puedo.can(user, "users.delete"); // true
const editor = { role: "editor" };
const canCreatePost = puedo.can(editor, "posts.create"); // true
const canDeleteUser = puedo.can(editor, "users.delete"); // falsePuedo provides full TypeScript support with type inference for your permission structure.
MIT