Resource Access Control API

This is a Node.js backend application that implements a basic access control system. It allows users, groups, and resources to interact through a flexible permission-sharing model.

✨ Features

• Users can belong to multiple groups

• Resources can be shared with:

  • Specific users
  • Groups
  • Everyone (public access)

• CRUD operations for Users, Groups, and Resources

• Access control enforcement

---

📦 Tech Stack

• Node.js with Express.js
• PostgreSQL via Prisma ORM
• TypeScript for static typing
• Jest for testing

---

🚀 Getting Started

1. Clone the repo

git clone https://github.com/samicey/resource-access-api.git
cd resource-access-api

2. Install dependencies

npm install

3. Set up environment

Create a .env file:

DATABASE_URL=""
SHADOW_DATABASE_URL=""

4. Generate and migrate database

npm run prisma:generate
npx prisma:migrate 

5. Run the app

npm run dev

---

✅ API Endpoints

Users

• POST /user – Create a user
• GET /user – List all users
• GET /user/:id – Get user by ID
• GET /user/:id/resources – Get all resources that user have access to

Groups

• POST /group – Create a group
• GET /group – List all groups

Resources

• POST /resource – Create a resource with access
• GET /resource – List all resources
• PATCH /resource/:id – Update resource access
• GET /resource/:id/access-list – Get all users with access

---

🧪 Running Tests

npm test

Tests are written using Jest and mock Prisma repositories and service dependencies.

---

🔧 Improvements (Future)

• Implementing the optional requirements for aggregation and analysis.
• more tests especially integration test
• Have response handler that will reduce code duplication
• add validations with zod for user validation
• API rate limiting & authentication