Using the Permit.io SDK to Create Policies
This guide walks you through the process of using the Permit.io SDK to create and manage resources, roles, and permissions in your Node.js application.
Overview
The script allows you to set up resources and roles with specific permissions. It checks for the existence of these resources and roles in your Permit.io setup and creates or updates them as needed.
Prerequisites
Node.js installed in your environment. permitio package installed in your project.
Steps to Use the Script
Import Permit.io SDK: First, import and initialize the Permit.io SDK in your project:
const { Permit } = require('permitio');
const permit = new Permit({
pdp: 'https://cloudpdp.api.permit.io',
token: 'permit_key_',
});
Define Resources and Roles:
Define the resources and roles in your application. For example:
const resources = [
// Define resources here
];
const roles = [
// Define roles here
];
Create Policy Function:
Use the createPolicy function to iterate through the resources and roles, creating or updating them as necessary:
const createPolicy = async () => {
// Implementation here
};
Running the Script:
Execute the script to create or update your policies:
createPolicy().then(() => {
console.log("done");
}).catch((err) => {
console.log(err);
});
Example Implementation
The following example demonstrates creating resources and roles:
// Define resources
const resources = [
{
key: "employee",
name: "Employee",
// Define actions
},
// ... other resources
];
// Define roles
const roles = [
{
key: "User",
name: "User",
permissions: ["employee_doc:read", "employee_doc:update"]
},
// ... other roles
];
// Implement the createPolicy function
const createPolicy = async () => {
// Iterate through resources
// ... implementation
// Iterate through roles
// ... implementation
};
// Run the script
createPolicy().then(() => {
console.log("done");
}).catch((err) => {
console.log(err);
});
Notes
- Ensure that the pdp and token in the Permit SDK initialization are correctly set for your environment.
- The script checks for existing resources and roles before creating new ones to prevent duplication.
- If a role exists but its permissions have changed, the script updates the role with the new permissions.
Attached the full code for reference:
const { Permit } = require('permitio');
// This line initializes the SDK and connects your Node.js app
// to the Permit.io PDP container you've set up in the previous step.
const permit = new Permit({
// in production, you might need to change this url to fit your deployment
pdp: 'https://cloudpdp.api.permit.io',
// your api key
token:
'permit_key_',
});
const roles = [
{
"key": "manager",
"name": "Manager",
"description": "Default User",
"permissions": ["employee:export", "employee:delete"]
},
]
const resources = [
{
"key": "employee",
"name": "Employee",
"actions": {
"create": {
"name": "create",
},
"read-all": {
"name": "read-all"
},
"delete": {
"name": "delete"
},
"export": {
"name": "export"
},
},
},
{
"key": "task",
"name": "Task",
"actions": {
"create": {
"name": "create",
},
"read-all": {
"name": "read-all"
},
"delete": {
"name": "delete"
},
"export": {
"name": "export"
},
},
},
{
"key": "folder",
"name": "Folder",
"actions": {
"create": {
"name": "create",
},
"read-all": {
"name": "read-all"
},
"delete": {
"name": "delete"
},
"export": {
"name": "export"
},
},
}
]
const createPolicy = async () => {
// iterate through resources
for (let resource of resources) {
// check if resource exists
let resourceExists
try {
resourceExists = await permit.api.resources.get(resource.key);
} catch(err){
console.log('no resource' + resource.key);
}
// if resource don't exist create it
if (!resourceExists) {
console.log("creating resource: " + resource.key);
await permit.api.resources.create(resource);
} else {
console.log("resource already exists: " + resource.key);
}
}
// iterate through roles
for (let role of roles) {
// check if role exists
let roleExists
try {
roleExists = await permit.api.roles.get(role.key);
} catch(err){
console.log('no role' + role.key);
}
// if role don't exist create it
if (!roleExists) {
console.log("creating role: " + role.key);
await permit.api.roles.create(role);
} else {
console.log("role already exists: " + role.key);
console.log(roleExists.permissions, role.permissions)
if ((roleExists.permissions.filter(x => !role.permissions.includes(x)).length > 0) > 0 || (role.permissions.filter(x => !roleExists.permissions.includes(x)).length > 0) > 0) {
console.log("updating permissions for role: " + role.key);
// clear permissions
await permit.api.roles.removePermissions(roleExists.id, roleExists.permissions);
// add permissions
await permit.api.roles.assignPermissions(roleExists.id, role.permissions);
} else {
console.log("permissions for role: " + role.key + " are up to date");
}
}
}
}
createPolicy().then(() => {
console.log("done");
}
).catch((err) => {
console.log(err);
}
)