OptimalBits / node_acl

Access control lists for node applications

problem with acl.middleware #45

Open Pegase38 opened 10 years ago

Pegase38 commented 10 years ago

Hello,

I am trying to run an example like this:

var acl = require('acl');

acl = new acl(new acl.memoryBackend());

// error checking callback
var cb = function(err){
    if(err) console.log(err);
};

acl.allow([{
    roles: 'admin',
    allows: [{ resources: 'db', permissions: ['write', 'delete', 'read'] }]
},{
    roles: 'user',
    allows: [{ resources: 'home', permissions: 'read' }]
}], cb);

// assign user ids to roles
acl.addUserRoles("john", "user", cb);
acl.addUserRoles("mary", "admin", cb);

app.get('/home', acl.middleware(1, 'john', 'write'), home.index); // home.index is my route

And I got the following error:

Express 500 [object Object]
    at new HttpError (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:489:11)
    at E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:532:14
    at E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:685:13
    at Object.MemoryBackend.union (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\memory-backend.js:78:7)
    at E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:679:22
    at Object.MemoryBackend.union (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\memory-backend.js:78:7)
    at Acl._checkPermissions (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:666:16)
    at Acl.areAnyRolesAllowed (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:387:10)
    at E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:359:12
    at Object.MemoryBackend.get (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\memory-backend.js:55:7)

How do I use this middleware to control route access?

Thanks for your help :)

icompuiz commented 10 years ago

In your example, middleware will check if the user with id 'john' has 'write' permissions on the resource '/home'.

As I understand it, the resource node-acl will be checking against is '/home' with the leading slash rather than 'home' without the leading slash.

That said, in general resource names are just strings. If your resource name is 'xyz', that is fine. However, the middleware function expects resource names to be in a path format, with slashes.

icompuiz commented 10 years ago

Also, unless you have some technical restrictions, I suggest you use the common HTTP verbs -- get, post, put, and delete -- rather than read, write, list, destroy.

Pegase38 commented 10 years ago

Thanks for your response.

I changed the resource "home" to "/home", but I still get this exception:

500 [object Object]
    at new HttpError (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:489:11)
    at E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:532:14
    at E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:685:13
    at Object.MemoryBackend.union (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\memory-backend.js:78:7)
    at E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:679:22
    at Object.MemoryBackend.union (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\memory-backend.js:76:7)
    at Acl._checkPermissions (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:666:16)
    at Acl.areAnyRolesAllowed (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:387:10)
    at E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\acl.js:359:12
    at Object.MemoryBackend.get (E:\00_Work\99_Programmes\Enide-Studio\ws\TestProject\node_modules\acl\lib\memory-backend.js:55:7)

It appears when the permissions mismatch. Can I catch it to redirect to an "unauthorization" page?

icompuiz commented 10 years ago

I have an idea of what it may be. addUserRoles is asynchronous, so you may need to wait until each add user role operation is complete before continuing to the next statement. I don't know if this is the proper form, but the idea is that you nest your statements in the callback functions.

I suggest you look at the async node library for how to tidy up asynchronous statements. Google: node async

manast commented 10 years ago

You do not need async; all acl methods return promises, so you can use bluebird or whenjs.

icompuiz commented 10 years ago

Whoops, I must have overlooked that part when reading the docs.


Pegase38 commented 10 years ago

Assume that my user doesn't have any role. Why the exception? And why does it work when he can access?

danwit commented 10 years ago

I don't know if this is still a problem for OP. But since this issue is still open, I'll try to help here anyways ;)

If you use express, maybe adding an error handler like this does the trick:

// You need this to correctly route the error middleware
app.use(app.router);
app.use(function(err, req, res, next) {
    // Move on if everything is alright
    if(!err) return next();
    // Something is wrong, inform user
    res.send( err.msg, err.errorCode );
});
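
The behaviour discussed in this thread, as an added example that is not part of the thread and is not node_acl's own code: a simplified stand-in middleware denies a request by passing an error carrying `errorCode` to `next`, and an error handler answers 401/403 instead of a generic 500. The policy, the users, `AclError`, `fakeRes` and `simulate` are all constructed for illustration; `res.status().send()` follows the Express 4 style.

```javascript
// Constructed policy: role -> resource path -> allowed lowercase HTTP verbs.
const policy = new Map([
  ['user', new Map([['/home', ['get']]])],
  ['admin', new Map([['/db', ['get', 'post', 'delete']]])],
]);
const userRoles = new Map([['john', ['user']], ['mary', ['admin']]]); // constructed

// Hypothetical error type carrying the errorCode / msg fields the thread's handler reads.
class AclError extends Error {
  constructor(errorCode, msg) { super(msg); this.errorCode = errorCode; this.msg = msg; }
}

// Fail closed: unknown users, users without roles and unknown resources are denied.
function isAllowed(userId, resource, verb) {
  return (userRoles.get(userId) || []).some(role =>
    policy.get(role)?.get(resource)?.includes(verb) === true);
}

// Express-style middleware: the resource is the request path (leading slash included)
// and the permission is the HTTP verb, so a policy entry named 'home' never matches.
function aclMiddleware(getUserId) {
  return (req, res, next) => {
    const userId = getUserId(req);
    if (!userId) return next(new AclError(401, 'User not authenticated'));
    if (isAllowed(userId, req.path, req.method.toLowerCase())) return next();
    next(new AclError(403, 'Insufficient permissions to access resource'));
  };
}

// Error-handling middleware: report a denial as 401/403 instead of a generic 500.
function aclErrorHandler(err, req, res, next) {
  if (!(err instanceof AclError)) return next(err); // leave other errors to other handlers
  res.status(err.errorCode).send(err.msg);
}

// Minimal fake response exposing the status()/send() calls used above.
function fakeRes() {
  return { statusCode: 200, body: null,
    status(code) { this.statusCode = code; return this; },
    send(body) { this.body = body; return this; } };
}

// Run one request through middleware, route and error handler; return the response.
function simulate(userId, method, path) {
  const req = { method, path, userId };
  const res = fakeRes();
  const next = err => (err ? aclErrorHandler(err, req, res, e => { throw e; })
                           : res.send('home page'));
  aclMiddleware(r => r.userId)(req, res, next);
  return res;
}
```

In a real Express app the error handler is registered after the routes, and the user id comes from the authenticated session rather than a hard-coded string.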