ForbesLindesay / connect-roles

Provides dynamic roles based authorisation for node.js connect and express servers.

connect-roles is skipping a strategy in my code #60

Open grochadc opened 6 years ago

grochadc commented 6 years ago

I am not sure if this is a bug or maybe there is something wrong with my code...

The issue is that the user.can('access dashboard') strategy is being skipped (I checked using my debug tool). For some reason it's not even being considered.

var express = require("express"),
    passport = require("passport"),
    ConnectRoles = require('connect-roles');

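// The Express application that all middleware and routers below attach to.
var app = express();

// connect-roles instance used for every authorisation check in this file.
// failureHandler is the callback connect-roles invokes when a user.can()/user.is()
// guard denies a request; it answers with the '403' view.
var user = new ConnectRoles({
  failureHandler: function (req, res, action) {
    // The status code is passed as a number: the original string '403' relies on
    // coercion, and Express 5 validates that the status is an integer.
    // The denied `action` is deliberately not echoed back to the client.
    res.status(403).render('403');
  }
});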

// Passport has to be mounted before anything that reads req.user or calls
// req.isAuthenticated().
app.use(passport.initialize());
// NOTE(review): passport.session() restores the login from a session, but no session
// middleware is mounted anywhere in this listing. Confirm one is registered before this line.
app.use(passport.session());

/**
 * Makes the logged-in user available to every view as `currentUser`.
 * For anonymous requests req.user is not set, so the views see undefined.
 * NOTE(review): the whole user object is handed to the templates; make sure no view
 * prints sensitive fields from it.
 */
function exposeCurrentUser(req, res, next) {
  res.locals.currentUser = req.user;
  next();
}
app.use(exposeCurrentUser);

// Installs the connect-roles middleware for every request that follows.
app.use(user.middleware());

//================== Connect Roles =======================

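// Strategy for the 'anonymous' action: grant it only to requests that are not logged in.
// Returning nothing means "no opinion", so an authenticated request gets no grant here.
user.use('anonymous', function(req, action){
  if(!req.isAuthenticated()) return true;
});

// Strategy for the 'access dashboard' action: a user may only open the dashboard whose
// :user_id route parameter matches their own id.
user.use('access dashboard', function(req, action){
  // req.user only exists after a successful login. Abstain instead of throwing a
  // TypeError on req.user.id, so an anonymous request ends in the normal denial path.
  if(!req.isAuthenticated() || !req.user) return;

  var ownId = req.user.id;
  var requestedId = req.params && req.params.user_id;

  // Two missing ids must never count as a match: with loose equality
  // undefined == undefined is true, which would grant access if this action guarded a
  // route that has no :user_id parameter.
  if(ownId == null || requestedId == null) return;

  // Compare as strings with strict equality; route parameters always arrive as strings.
  if(String(ownId) === String(requestedId)) return true;
});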

//======================ROUTES============================
// Every router below is mounted with app.use(), in the order Express will try them.
// A mount path of '/' matches every request path, so each of these runs for any request
// that an earlier handler did not finish.
var homepage = require('./routes/homepage');
app.use('/', homepage);

// REGISTER ROUTES
// NOTE(review): because the mount path is '/', this user.is('anonymous') guard is applied to
// every request that gets past the homepage router, not only to the register pages.
// For a logged-in user no strategy in this file returns true for 'anonymous', so the guard
// would presumably call failureHandler (403) here and nothing mounted below, including the
// /user/:user_id debug route, would ever be reached. Confirm, then consider attaching the
// guard to the specific register paths instead.
var register = require('./routes/register');
app.use('/', user.is('anonymous'), register);

// LOGIN ROUTE
// Same guard and same '/' mount as the register router above, so the same caveat applies.
var login = require('./routes/login');
app.use('/', user.is('anonymous') ,login);

// DASHBOARD ROUTE
// NOTE(review): no user.can(...) check is visible on this mount; presumably the dashboard
// router enforces its own authorisation. Verify.
var dashboard = require('./routes/dashboard');
app.use('/', dashboard);

// CRAIGSLIST LISTING ROUTES
var listing = require('./routes/listing');
app.use('/', listing);

//LOGOUT
var logout = require('./routes/logout');
app.use('/', logout);

//ADMIN ROUTES
// NOTE(review): the /admin mount carries no role check in this file; confirm that the admin
// router restricts access itself.
var admin = require('./routes/admin');
app.use('/admin', admin);

// Router from ./routes/user-pass, mounted at '/' like the others.
var pass = require('./routes/user-pass');
app.use('/', pass);

// Debug-only route guarded by the 'access dashboard' action.
// It is registered after every app.use('/') mount in this file, so the guard runs only
// if none of those earlier routers or guards has already ended the response.
function sendDashboardGreeting(req, res) {
  res.send('Welcome to your dashboard');
}
app.get('/user/:user_id', user.can('access dashboard'), sendDashboardGreeting);

// Port and bind address come from the environment when set.
// The 'localhost' fallback keeps the server off external interfaces unless IP is provided.
var port = process.env.PORT || 3000;
var host = process.env.IP || 'localhost';

app.listen(port, host, function onListening() {
  console.log("craigslist server has started");
});

Is there something wrong with my code?

grochadc commented 6 years ago

@ForbesLindesay

ForbesLindesay commented 6 years ago

What do you mean by "is skipped"? The line `if(req.user.id == req.params.user_id) return true;` should be executed when someone attempts to request /user/0 (providing that the request hasn't already been handled by an earlier route). You need to narrow this test case down a lot if you want me to help you find the issue. I can't run that code as is, because there's loads of code missing, and there's also lots of stuff to read that shouldn't be relevant.