Extends Apache Shiro expression such that permissions can be dynamically expanded.

Usage no npm install needed!

<script type="module">
  import shiroExpander from '';


Shiro expander Circle CI

Summarize Apache Shiro statements by expressing them using relations between different entities.


npm install --save shiro-expander


This library allows statements to be summarized into a single statement, the syntax for such a summarized statement is as follows:


You can then define rules which dictate how this expression is expanded, to expand this statement we create 2 rules.

Expand the relation user -> me into user ids.

expander.createRule('user', 'me', function(rule, ids, cb) {
    // Find the user associated with the current user
    someDatabase.query('a-query', function(err, result) {

Expand the relation file -> user into file ids.

expander.createRule('file', 'user', function(rule, ids, cb) {
    // Find the files owned by the users in `ids`.

    someDatabase.query('select files where userId in ids', function( err, result) {
        var fileIds =, function(f) { return; });
        cb(err, fileIds);

Finally expand the rule using the created expander:

expander.expand('file:write:{user:me}', function(err, statements) {
    // Statements will contain a rule for each `fileId` in `fileIds`.
    // Statements is an array with values in the following format `file:write:<fileId>`

Rule generation

Some rules will be inferred from the rules already generated.

From the rules below we will be able to infer other rules:

file -> user
user -> organization
organization -> me

The library will automatically generate the following rules:

file -> organization
file -> me
user -> me

These will chain the rules such that there is a path between each relation.

file -> me
file -> user -> organization -> me


Examples are available in the examples folder of this repository.


Feel free to send me a Pull Request / Issue if you think something is broken or can be improved upon.

To run tests locally you simple run npm test

If you are making changes to the library grunt watch will keep your changes in check with coding style and run the unit tests to ensure nothing breaks.