OptimalBits / node_acl

Access control lists for node applications

req.params.id solution, help needed #205

Closed cookie-ag closed 8 years ago

cookie-ag commented 8 years ago
// Load node_acl and keep all role/permission data in an in-process store.
// The memory backend holds its data only for the lifetime of this process.
var acl = require("acl");
var backend = new acl.memoryBackend();
var node_acl = new acl(backend);

//01 - Bind roles to resources
// Grants 'role01' the 'get' permission on the resource named
// '/resource01/:param1'. node_acl compares resource names as plain strings,
// so ':param1' is part of the name here, not a wildcard for an id.
node_acl.allow('role01', '/resource01/:param1', 'get');

//02 - Middleware to assign roles to user

- Some code

//03 - Normalizing routes to ignore params

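/**
 * Express middleware that maps the request path to an ACL resource name and
 * lets the request continue only if node_acl grants the permission.
 *
 * Path segments equal to the sample id are replaced by ':param<index>', where
 * <index> is the segment's position in req.path.split('/'). The resulting
 * name must be identical to the one registered with node_acl.allow().
 *
 * @param {object} req - Express request; reads req.path, req.method, req.user.
 * @param {object} res - Express response; used to send 403 on denial.
 * @param {function} next - Called with no argument when access is granted,
 *     or with the error if the ACL lookup fails.
 */
exports.HandlingParamsonAuthorization = function(req, res, next) {
    // NOTE(review): a single sample id is hard-coded, so only this exact
    // value is normalised; any other id stays in the resource name.
    var SAMPLE_ID = '57cc79487a6643572fe5813b';

    var resource = req.path
        .split('/')
        .map(function(segment, index) {
            return segment === SAMPLE_ID ? ':param' + index : segment;
        })
        .join('/');
    console.log(resource);

    // allow() registers the permission as lower-case 'get', while req.method
    // is upper-case ('GET'), so normalise before the lookup.
    var permission = req.method.toLowerCase();

    // NOTE(review): req.user is passed as the ACL user id; confirm the
    // role-assignment middleware sets it to an id, not a user object.
    node_acl.isAllowed(req.user, resource, permission, function(err, allowed) {
        if (err) {
            // A failed lookup must not be treated as a grant.
            return next(err);
        }
        if (!allowed) {
            return res.status(403).send('Insufficient permissions');
        }
        // next() is reached only from this branch, so the request cannot
        // proceed before the permission check has completed and succeeded.
        next();
    });
};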

//04 - Enforce this to all routes
// Called with no arguments, the built-in middleware uses the full request URL
// as the resource name, so '/resource01/<id>' is looked up literally and never
// equals the registered name '/resource01/:param1'.
var enforceAcl = node_acl.middleware();
app.use(enforceAcl);

It fails when I request GET /resource01/57cc79487a6643572fe5813b: the normalized path is logged as /resource01/:param1, but the request is still rejected with the error "insufficient permissions". Please help.

akaustel commented 8 years ago

A proposed solution:

// Register the permission on the collection-level resource name, without the id segment.
node_acl.allow('role01', '/resource01', 'get');

and also set 1 optional parameter (to check for permission for resource /resource01 and not /resource01/57cc79487a6643572fe5813b). Obviously you should register the middleware according to paths and number of parameters.

// middleware(1) uses only the first path component ('/resource01') as the
// resource name, so every id under it shares one permission. Whether the
// caller may access a particular record has to be checked separately.
app.use(node_acl.middleware(1));

Solves your problem?

cookie-ag commented 8 years ago

Thanks.

Solved by using a custom middleware that calls acl.isAllowed(). I used req.route.path instead of req.path, so the resource name is the route pattern with its parameter placeholders rather than the concrete URL.

akaustel commented 8 years ago

Ok. Good. Is this thread still active then?