Node.js SDK Examples
Init the SDK
import { Permit } from "permitio";
const permit = new Permit({
// the API key to the Permit environment you wish to connect to
token: "<YOUR_API_KEY>",
// the url in which the SDK can connect to the PDP container
pdp: "http://localhost:7766",
// use this to turn on sdk logs
log: {
level: "debug",
},
});
Resources
Create a resource
import { Permit, ResourceRead } from "permitio";
const permit = new Permit({ token: "<YOUR_API_KEY>" });
const document: ResourceRead = await permit.api.resources.create({
key: "document",
name: "Document",
urn: "prn:gdrive:document",
description: "google drive document",
actions: {
create: {},
read: {},
update: {},
delete: {},
},
attributes: {
private: {
type: "bool",
description: "whether the document is private",
},
},
});
Update a resource
import { Permit, ResourceRead, ResourceUpdate } from "permitio";
const permit = new Permit({ token: "<YOUR_API_KEY>" });
const document: ResourceRead = await permit.api.resources.update(
"document",
// the resource fields to update (type: ResourceUpdate)
{
description: "google drive document",
}
);
List all resources
import { Permit, ResourceRead } from "permitio";
const permit = new Permit({ token: "<YOUR_API_KEY>" });
const resources: ResourceRead[] = await permit.api.resources.list();
Get a resource
Get a resource with key document
:
import { Permit, ResourceRead } from "permitio";
const permit = new Permit({ token: "<YOUR_API_KEY>" });
const document: ResourceRead = await permit.api.resources.get("document");
Error handling
import { Permit, PermitApiError } from "permitio";
const permit = new Permit({ token: "<YOUR_API_KEY>" });
// handle not found error
try {
await permit.api.resources.get("nosuchresource");
} catch (error) {
if (error instanceof PermitApiError) {
if (error.response?.status === 404) {
console.log(`not found!`);
} else {
// ...
}
}
}
// handle cannot create object due to key conflict:
try {
await permit.api.resources.create({
key: "document",
name: "Document",
actions: {
create: {},
read: {},
update: {},
delete: {},
},
});
} catch (error) {
if (error instanceof PermitApiError) {
if (error.response?.status === 409) {
console.log(`already exists!`);
} else {
// ...
}
}
}
Roles
Create a role
import { Permit, RoleRead } from "permitio";
const permit = new Permit({ token: "<YOUR_API_KEY>" });
const admin: RoleRead = await permit.api.roles.create({
key: "admin",
name: "Admin",
description: "an admin role",
permissions: ["document:create", "document:read"],
});
Tenants
Create a tenant
import { Permit, TenantRead } from "permitio";
const permit = new Permit({ token: "<YOUR_API_KEY>" });
const tenant: TenantRead = await permit.api.tenants.create({
key: "tesla",
name: "Tesla Inc",
description: "The car company",
});
Users
Create or update a user (sync user)
import { Permit } from "permitio";
const permit = new Permit({ token: "<YOUR_API_KEY>" });
// if created, initially the user will have no assigned roles
// in order to assign roles, call `permit.api.users.assignRole`
const { user } = await permit.api.users.sync({
key: "auth0|elon",
email: "elonmusk@tesla.com",
first_name: "Elon",
last_name: "Musk",
attributes: {
age: 50,
favoriteColor: "red",
},
});
Role Assignments
Assign a role to a user in a tenant
import { Permit } from "permitio";
const permit = new Permit({ token: "<YOUR_API_KEY>" });
const ra = await permit.api.users.assignRole({
user: "auth0|elon",
role: "viewer",
tenant: "tesla",
});
Checking Permissions
import { Permit } from "permitio";
const permit = new Permit({ token: "<YOUR_API_KEY>" });
// in order to be permitted according to the RBAC policy, a few conditions must be met:
// 1) the user must exist in the permit system (you called sync user before)
// 2) the checked resource belongs to tenant X
// 3) the user has an assigned role in tenant X (the user must have at
// least one assigned role in the tenant that contains the resource)
// 4) the role assigned to the user must have the permission to perform
// the checked action on the checked resource
const permitted = await permit.check(
// the user key
"auth0|elon",
// the action
"create",
// the resource
{
// the type of the resource (resource.key)
type: "document",
// the tenant that contains the resource
tenant: "tesla",
}
);
if (permitted) {
console.log("permitted");
} else {
console.log("denied");
}