OptimalBits / node_acl

Access control lists for node applications

acl.middleware causes Error: Broke parameter contract #170

Open vrghost242 opened 8 years ago

vrghost242 commented 8 years ago

So thought I would set up acl for my site, and it seemed like using the mongoose _id was an easy way to use the system. Thought I would use acl.middleware to check if the user has the right to call a specific route.

I load acl as follows

var acl = require('acl');
//Lets start the acl as well
acl = new acl(new acl.mongodbBackend(cfgDB.mongoUrl, 'acl'));

I then created a function to return the value of req.user._id

function getUserId(req, res){
    // Declared with var so it does not leak as an implicit global
    var userId = req.user._id;
    return userId;
}

The document for acl.middleware does indicate that it should be able to use such a function, but I am not certain if that is the right way to do it :)

Last, the route itself

//router.post()
router.get('/rest/access/list/me', acl.middleware(3,getUserId,"read"), function(req, res, next){

    var reply = {};
    reply.whoami = req.user._id;
    reply.url = req.url;
    res.send(reply)
})

I am not certain how I would call getUserId ensuring that req,res, or if acl.middleware should even be used that way, but I get the following error message.

Broke parameter contract

Error: Broke parameter contract
    at Function.contract.end (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/lib/contract.js:51:11)
    at Acl.isAllowed (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/lib/acl.js:464:6)
    at /Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/lib/acl.js:639:9
    at Layer.handle [as handle_request] (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/layer.js:95:5)
    at next (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/route.js:131:13)
    at Route.dispatch (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/layer.js:95:5)
    at /Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/index.js:277:22
    at Function.process_params (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/index.js:330:12)
    at next (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/index.js:271:10)
    at Function.handle (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/index.js:176:3)
    at router (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/index.js:46:12)
    at Layer.handle [as handle_request] (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/index.js:312:13)
    at /Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/index.js:280:7
    at Function.process_params (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/index.js:330:12)
    at next (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/lib/router/index.js:271:10)
    at SendStream.error (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/node_modules/serve-static/index.js:120:7)
    at emitOne (events.js:77:13)
    at SendStream.emit (events.js:169:7)
    at SendStream.error (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/node_modules/send/index.js:245:17)
    at SendStream.onStatError (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/express/node_modules/send/index.js:356:12)

vrghost242 commented 8 years ago

OK, found the first issue, it requires a string, req.user._id was an ObjectId, so changed it to a string with the same number and I get a new problem. Still not certain if this is just because I am doing this wrong.

Error checking permissions to access resource

Error: Error checking permissions to access resource
    at /Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/lib/acl.js:641:14
    at tryCatcher (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/node_modules/bluebird/js/main/util.js:26:23)
    at Promise.errorAdapter (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/node_modules/bluebird/js/main/nodeify.js:36:34)
    at Promise._settlePromiseAt (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/node_modules/bluebird/js/main/promise.js:579:21)
    at Promise._settlePromises (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/node_modules/bluebird/js/main/promise.js:697:14)
    at Async._drainQueue (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/node_modules/bluebird/js/main/async.js:123:16)
    at Async._drainQueues (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/node_modules/bluebird/js/main/async.js:133:10)
    at Immediate.Async.drainQueues [as _onImmediate] (/Users/bengtbjorkberg/WebstormProjects/DBFSKnowledge2/node_modules/acl/node_modules/bluebird/js/main/async.js:15:14)
    at processImmediate [as _immediateCallback] (timers.js:383:17)

ajmueller commented 8 years ago

@vrghost242 Did you ever get this resolved? I'm running into the same issue as well and my setup is nearly identical to yours in customizing the middleware function call.

ajmueller commented 8 years ago

@vrghost242 I did a bit more digging and the issue on my end appears to be that I'm not connecting to the database. Adding the line console.log(err); here, I get the following error:

[TypeError: Cannot read property 'collection' of undefined]

Frankly I have no idea why it's not connecting as my code is rather simple and consistent with my code elsewhere that I connect to the ACL datastore.

var express = require('express');
var router = express.Router();
var userController = require('../controllers/user');
var mongoose = require('mongoose');
var config = require('../config');
var acl = require('acl');

var aclInstance = new acl(new acl.mongodbBackend(mongoose.connection.db, config.db.aclCollectionPrefix));

router.get('/list', aclInstance.middleware(2, userController.getUserId), userController.list.get);

module.exports = router;

This is one of my routes files.

vrghost242 commented 8 years ago

I must admit I decided not to use ACL at this time:)

ajmueller commented 8 years ago

@vrghost242 no worries, I got it working! It was a really dumb mistake on my part. In my app file, while bootstrapping the application, I required the route files before I actually connected to my database, so they didn't know what the database connection value was.

RjVishnu commented 1 year ago

If you are adding data as a string, then you have to use it as a string. For example, if you added a = '800' and used it as a = 800, this is the root cause of that issue.
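
Added example (not code from this thread or from node_acl): one way to guard against both failures discussed above, the ObjectId that breaks the parameter contract and the ACL backend created before the database connection exists. `aclUserId` and `lazyAclMiddleware` are hypothetical helper names; the sketch assumes `req.user._id` is a string, a number or an ObjectId-like value exposing `toHexString()`, and it denies the request whenever it cannot perform the check.

```javascript
// Resolve the id handed to node_acl. Always returns a string, or null when the
// request carries no usable identity, so the ACL store only ever sees one type.
function aclUserId(req) {
  const id = req && req.user ? req.user._id : null;
  if (id === null || id === undefined) return null;
  if (typeof id === 'string') return id.length > 0 ? id : null;
  if (typeof id === 'number') return String(id);
  // Mongoose/bson ObjectId: convert explicitly instead of passing the object.
  if (typeof id.toHexString === 'function') return id.toHexString();
  return null; // unknown type: treat as unauthenticated rather than guessing
}

// getAcl() (assumed) returns the Acl instance once the database connection is
// open and null before that, so nothing is captured when the route file is
// first required.
function lazyAclMiddleware(getAcl, numPathComponents, actions) {
  return function (req, res, next) {
    const acl = getAcl();
    if (!acl) {
      const err = new Error('ACL backend not ready');
      err.status = 503;
      return next(err); // fail closed: the route handler never runs
    }
    const userId = aclUserId(req);
    if (userId === null) {
      const err = new Error('User not authenticated');
      err.status = 401;
      return next(err);
    }
    // Omit the actions argument entirely when it was not supplied.
    const args = actions === undefined
      ? [numPathComponents, userId]
      : [numPathComponents, userId, actions];
    return acl.middleware(...args)(req, res, next);
  };
}

// Wiring sketch (assumed names): assign aclInstance inside
// mongoose.connection.once('open', ...) and register the route as
//   router.get('/list', lazyAclMiddleware(() => aclInstance, 2), handler);
```

Roles must be stored under the same string form of the id (for example when calling `addUserRoles`), otherwise the lookup will not match.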