What do you guys use for advanced authorization beyond, user, guest and admin?
I created a project permit-authorize, which is a bit similar to CanCan in the Rails world.
It uses permit objects as an extra abstraction to encapsulate a specific set of permission rules for some “domain” (any logical entity/grouping/category really). It includes caching for performance and loading of rules from any JSON source (file, data store etc.)
Available for both client and server via npm and bower.
Give it a try
Minimal dependencies (a few lodash functions, custom light build of lodash).