Infrastructure/verdaccio
0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-30 22:34:10 -05:00
Code Issues Activity

docs: use $all access (#1083)

Browse source
This commit is contained in:
ambar 2018-10-20 15:10:07 +08:00 committed by Juan Picado @jotadeveloper
parent bc78a5d761
commit be4672d11e
1 changed files with 27 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
docs/packages.md
View file

@ -15,28 +15,29 @@ For more information about permissions visit [the authentification section in th
packages: packages:
# scoped packages # scoped packages
'@scope/*': '@scope/*':
access: all access: $all
publish: all publish: $all
proxy: server2 proxy: server2
'private-*': 'private-*':
access: all access: $all
publish: all publish: $all
proxy: uplink1 proxy: uplink1
'**': '**':
# allow all users (including non-authenticated users) to read and # allow all users (including non-authenticated users) to read and
# publish all packages # publish all packages
access: all access: $all
publish: all publish: $all
proxy: uplink2 proxy: uplink2
``` ```
if none is specified, the default one remains if none is specified, the default one remains
```yaml ```yaml
packages: packages:
'**': '**':
access: all access: $all
publish: $authenticated publish: $authenticated
``` ```
@ -45,6 +46,7 @@ The list of valid groups according the default plugins are
```js ```js
'$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous' '$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous'
``` ```
All users recieve all those set of permissions independently of is anonymous or not plus the groups provided by the plugin, in case of `htpasswd` return the username as a group. For instance, if you are logged as `npmUser` the list of groups will be. All users recieve all those set of permissions independently of is anonymous or not plus the groups provided by the plugin, in case of `htpasswd` return the username as a group. For instance, if you are logged as `npmUser` the list of groups will be.
```js ```js
@ -72,6 +74,7 @@ npm ERR! 403 Forbidden: npmuser-core@latest
npm ERR! A complete log of this run can be found in: npm ERR! A complete log of this run can be found in:
npm ERR! /Users/user/.npm/_logs/2017-07-02T12_20_14_834Z-debug.log npm ERR! /Users/user/.npm/_logs/2017-07-02T12_20_14_834Z-debug.log
``` ```
You can change the existing behaviour using a different plugin authentication. `verdaccio` just checks whether the user that tried to access or publish a specific package belongs to the right group. You can change the existing behaviour using a different plugin authentication. `verdaccio` just checks whether the user that tried to access or publish a specific package belongs to the right group.
#### Set multiple groups #### Set multiple groups
@ -87,7 +90,6 @@ Defining multiple access groups is fairly easy, just define them with a white sp
access: secret super-secret-area ultra-secret-area access: secret super-secret-area ultra-secret-area
publish: secret ultra-secret-area publish: secret ultra-secret-area
proxy: server1 proxy: server1
``` ```
#### Blocking access to set of packages #### Blocking access to set of packages
@ -98,9 +100,10 @@ If you want to block the acccess/publish to a specific group of packages. Just d
packages: packages:
'old-*': 'old-*':
'**': '**':
access: all access: $all
publish: $authenticated publish: $authenticated
``` ```
#### Blocking proxying a set of specific packages #### Blocking proxying a set of specific packages
You might want to block one or several packages from fetching from remote repositories., but, at the same time, allow others to access different *uplinks*. You might want to block one or several packages from fetching from remote repositories., but, at the same time, allow others to access different *uplinks*.
@ -119,10 +122,11 @@ packages:
access: $all access: $all
publish: $authenticated publish: $authenticated
'**': '**':
access: all access: $all
publish: $authenticated publish: $authenticated
proxy: npmjs proxy: npmjs
``` ```
Let's describe what we want with the above example: Let's describe what we want with the above example:
* I want to host my own `jquery` dependency but I need to avoid proxying it. * I want to host my own `jquery` dependency but I need to avoid proxying it.
@ -144,7 +148,3 @@ proxy | string | No |npmjs | all | limit look ups for specific uplink
storage | boolean | No | [true,false] | all | TODO storage | boolean | No | [true,false] | all | TODO
> We higlight that we recommend to not use **allow_access**/**allow_publish** and **proxy_access** anymore, those are deprecated and will soon be removed, please use the short version of each of those (**access**/**publish**/**proxy**). > We higlight that we recommend to not use **allow_access**/**allow_publish** and **proxy_access** anymore, those are deprecated and will soon be removed, please use the short version of each of those (**access**/**publish**/**proxy**).