OptimalBits / node_acl

Access control lists for node applications

Why the response is always insufficient permissions? #204

Closed Emiya0306 closed 8 years ago

Emiya0306 commented 8 years ago

I followed the README and wrote a demo here, but I always get an 'insufficient permissions' error and the code is 500. When I GET http://localhost:3000/blogs/213, it has this error.

```js
const Acl = require('acl')
const path = require('path')
const express = require('express')
const Mongoose = require('mongoose')
const session = require('express-session')
const mongoose = Mongoose.connect('mongodb://localhost/test')

const dbInstance = mongoose.connection.db

const app = express()

app.use(session({secret: '123'}))

//const acl = new Acl(new Acl.mongodbBackend(dbInstance))
const acl = new Acl(new Acl.memoryBackend())

acl.allow('guest', 'blogs', ['get', 'post', 'delete', 'view'])
acl.addUserRoles('person1', 'guest')

app.use(function(req, res, next) {
    req.session.userId = 'person1'
    next()
})

app.get('/blogs/:id', acl.middleware(), function(req, res, next) {
    res.json('aaa')
})

app.listen(3000)
```

akaustel commented 8 years ago

It would seem it does not exactly work as advertised, but quite close though. It seems to require the first slash of the url when checking the resource:

```js
acl.allow('guest', '/blogs', ['get', 'post', 'delete', 'view'])
```

Also added an optional parameter to check for /blogs instead of /blogs/213, like so:

```js
app.get('/blogs/:id', acl.middleware(1), function(req, res, next) {
```

Does this solve your problem?

Emiya0306 commented 8 years ago

Cool! It works! Thanks @akaustel 👍
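
The resource matching discussed in this thread, as an added example that is not part of the original comments and not node_acl's own code. It is a small model that assumes the middleware takes the request path (query string dropped), optionally trims it to the first N components, uses the lower-cased HTTP method as the permission, and compares the resource as an exact string with the granted names; `resourceFor`, `isAllowed`, `decide` and the sample data are hypothetical names constructed for illustration.

```javascript
// Added illustration, not node_acl source. Assumption: the middleware derives
// the resource from the request path and matches it as an exact string.
function resourceFor(originalUrl, numPathComponents) {
  const path = originalUrl.split('?')[0];          // drop the query string
  if (!numPathComponents) return path;             // middleware(): whole path
  // '/blogs/213'.split('/') is ['', 'blogs', '213']; keep '' plus N components
  return path.split('/').slice(0, numPathComponents + 1).join('/');
}

// grants: { role: { resource: [permissions] } }; userRoles: { userId: [roles] }
function isAllowed(grants, userRoles, userId, resource, permission) {
  return (userRoles[userId] || []).some((role) => {
    const perms = (grants[role] || {})[resource];  // exact-match lookup, no prefixes
    return Array.isArray(perms) && perms.includes(permission);
  });
}

// Decide one request the way the model above would: the lower-cased HTTP
// method is the permission, the (possibly trimmed) path is the resource.
function decide(grants, userRoles, userId, method, url, numPathComponents) {
  const resource = resourceFor(url, numPathComponents);
  const allowed = isAllowed(grants, userRoles, userId, resource, method.toLowerCase());
  return { resource, allowed };
}

// Constructed sample data mirroring the thread.
const userRoles = { person1: ['guest'] };
const perms = ['get', 'post', 'delete', 'view'];
const asPosted = { guest: { blogs: perms } };       // acl.allow('guest', 'blogs', ...)
const withSlash = { guest: { '/blogs': perms } };   // acl.allow('guest', '/blogs', ...)

const cases = [
  ['as posted, middleware()', asPosted, 0],
  ['as posted, middleware(1)', asPosted, 1],
  ['leading slash, middleware()', withSlash, 0],
  ['leading slash, middleware(1)', withSlash, 1],
];
for (const [label, grants, n] of cases) {
  const { resource, allowed } = decide(grants, userRoles, 'person1', 'GET', '/blogs/213?x=1', n);
  console.log(`${label}: resource=${resource} allowed=${allowed}`);
}
```

In this model only the last case is allowed: the grant needs the leading slash and the middleware needs the component count, because `/blogs/213` never equals `/blogs`.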