search

ForbesLindesay / connect-roles

Provides dynamic roles based authorisation for node.js connect and express servers.
749 stars 62 forks source link

Please support using varaiable name without path #34

Open ghost opened 10 years ago

ghost commented 10 years ago

Maybe some api like this.

roles.use('edit user', ':userID')

instead of 

roles.use('edit user', '/user/:userID')

Express has 'param' method. http://expressjs.com/api.html#app.param

ForbesLindesay commented 10 years ago

Interesting idea, how about:

roles.use('edit user', ['userID'], fn)

That way you could add additional parameters to the array to match against multiple parameters.

You could already do something very similar to this as:

roles.use('edit user', function (req) {
  if (req.params.userID) {
    // check access to the userID here
  }
});

This would work because connect-roles passes through the existing params anyway. It might be nice to have an easier way to encode that list of params though. We could then do something like:

roles.use('edit user', ['userID'], function (req, userID) {
  // check access to the userID here
});

I'd be happy to accept a pull request for this.

ghost commented 10 years ago

Okay. I'll do it asap I have time to do it.