franciscogouveia / hapi-rbac

RBAC (Rule Based Access Control) for hapijs
ISC License

dynamic policy create #19

Closed subodh2508 closed 8 years ago

subodh2508 commented 8 years ago

I am quite a newbie at using hapi js.

I want to create a dynamic policy using a MySQL database. Whenever I write the callback function it gives me an error. Can you please provide me some example for the same? Also, how do I write the callback?

server.register({
    register: require('hapi-rbac'),
    options: {
        policy: function (request, callback) {
            var roles = request.auth.credentials.group;

            var pol = "{ \n\t target: ['any-of', ";
            for (var i = 0; i < roles.length; i++) {
                pol = pol + "{type: 'credentials:group', value: '" + roles[i] + "'}, ";
            }
            pol = pol.substring(0, pol.length - 2);

            pol = pol + " ], \n\t apply:  'permit-overrides', \n\t rules: [\n\t\t{\n\t\t\t target: ['any-of', {type: 'credentials:group', value: 'admin'}], \n\t\t\t effect: 'permit'\n\t\t}\n\t]\n}";

            //callback(null, pol);
            return callback(null, pol);
        }
    }
}, function (err) {
    if (err) {
        throw err;
    }
});

Please suggest me any solution...

franciscogouveia commented 8 years ago

Hi!

I spotted some problems in your implementation.

var roles = request.auth.credentials.group;

I believe that you don't really want to do this. hapi-rbac reads these values for you when you specify credentials:group in the target type. What you want to do instead is retrieve the groups from your database (in your case from MySQL) that will match the request.auth.credentials.group.

So, try to do this instead:

server.register({
    register: require('hapi-rbac'),
    options: {
        policy: function (request, callback) {
            const path = request.route.path;
            const method = request.route.method;

            // Obtain the policy groups for the path and method (because this is a global configuration)
            getPolicyGroupsFromMySQL(path, method, function (err, data) {

                if(err) {
                    return callback(err);
                }

                // Assuming your data is an array of groups
                // We add 'any-of' as first element
                data.unshift('any-of');

                const policy = {
                    target: data,
                    apply: 'permit-overrides',
                    rules: [
                        {
                            target: ['any-of', 
                                {type: 'credentials:group', value: 'admin'}
                            ],
                            effect: 'permit'
                        }
                    ]
                };

                callback(null, policy);
            });

        }
    }
}, function(err) {
    if(err) {
        throw err;
    }

    // load other plugins / start server...
});
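
A variant of the policy function suggested above that builds the policy as an object from database rows, checks each stored group name against an allowlist, and hands the callback an error instead of a policy when the lookup fails or returns nothing. This is an added example, not code from this thread or from hapi-rbac; `GROUP_RE`, `buildPolicy`, `makePolicyFn`, the `group_name` column and the sample table are assumptions.

```javascript
// Added example; GROUP_RE, buildPolicy, makePolicyFn and the row shape are
// hypothetical names, not part of hapi-rbac.
const GROUP_RE = /^[A-Za-z0-9_-]{1,64}$/; // allowlist for stored group names

// Turn rows such as [{ group_name: 'admin' }] into a policy object using the
// target/apply/rules layout shown in this thread.
function buildPolicy(rows) {
    if (!Array.isArray(rows) || rows.length === 0) {
        throw new Error('no groups configured for this route');
    }
    const groups = rows.map((row) => {
        const value = row && row.group_name;
        if (typeof value !== 'string' || !GROUP_RE.test(value)) {
            throw new Error('invalid group name in policy table');
        }
        return { type: 'credentials:group', value: value };
    });
    return {
        target: ['any-of'].concat(groups), // new array; rows are not mutated
        apply: 'permit-overrides',
        rules: [{
            target: ['any-of', { type: 'credentials:group', value: 'admin' }],
            effect: 'permit'
        }]
    };
}

// Returns a function with the (request, callback) shape of the policy option.
// lookup(path, method, cb) stands in for the MySQL query.
function makePolicyFn(lookup) {
    return function (request, callback) {
        lookup(request.route.path, request.route.method, (err, rows) => {
            if (err) {
                return callback(err);
            }
            let policy;
            try {
                policy = buildPolicy(rows);
            } catch (e) {
                return callback(e); // no policy is handed over on bad data
            }
            callback(null, policy);
        });
    };
}

// Constructed sample data standing in for the policy table.
const SAMPLE = { 'get /reports': [{ group_name: 'admin' }, { group_name: 'auditor' }] };
const sampleLookup = (path, method, cb) => cb(null, SAMPLE[method + ' ' + path] || []);
```

The function returned by `makePolicyFn(yourLookup)` is what would be passed as the `policy` option in the registration shown above.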

subodh2508 commented 8 years ago

Hello sir,

Thank you for your prompt reply, which helped me to resolve an issue pending for more than a week. Appreciate your effort.

Thanks,

Subodh Sonawane.

From: Francisco Gouveia [mailto:notifications@github.com]
Sent: 11 February 2016 22:40
To: franciscogouveia/hapi-rbac
Cc: subodh2508
Subject: Re: [hapi-rbac] dynamic policy create (#19)

Hi!

I spotted some problems in your implementation.

var roles = request.auth.credentials.group;

I believe that you don't really want to do this. hapi-rbac reads these values for you when you specify credentials:group in the target type. What you want to do instead is retrieve the groups from your database (in your case from MySQL) that will match the request.auth.credentials.group.

· Problem 2: You are configuring the policy as global. This policy will be applied to all your routes. I am not sure if that's what you want.

· Problem 3: You are passing a string instead of a JSON object to the callback.

So, try to do this instead:

server.register({
    register: require('hapi-rbac'),
    options: {
        policy: function (request, callback) {
            const path = request.route.path;
            const method = request.route.method;

            // Obtain the policy groups for the path and method (because this is a global configuration)
            getPolicyGroupsFromMySQL(path, method, function (err, data) {

                if(err) {
                    return callback(err);
                }

                // Assuming your data is an array of groups
                // We add 'any-of' as first element
                data.unshift('any-of');

                const policy = {
                    target: data,
                    apply: 'permit-overrides',
                    rules: [
                        {
                            target: ['any-of', 
                                {type: 'credentials:group', value: 'admin'}
                            ],
                            effect: 'permit'
                        }
                    ]
                };

                callback(null, policy);
            });

        }
    }
}, function(err) {
    if(err) {
        throw err;
    }

    // load other plugins / start server...
});


franciscogouveia commented 8 years ago

Great that it helped you. Closing the issue then.