nyambati / express-acl

This is an express module that enables you to implement ACL with much ease
https://nyambati.github.io/express-acl/
MIT License
227 stars 51 forks

Unable to use it as middleware #131

Closed tejpartapg closed 5 years ago

tejpartapg commented 5 years ago

@nyambati . I liked the simplicity of this package. However I have an issue when I try to use it as a middleware within a route. For example, please find attached code: express-acl-issue.txt

When I try to reach the route that I don't want users to reach per the permissions defined in acl.json, I am still getting the data back. Expected result would be to receive status code 403 and status message of 'Access Denied'. From looking at my code, could you please let me know if I am doing anything wrong here?

Thank you in advance.

nyambati commented 5 years ago

@tejpartapg Is there a reason you wrapped the acl.authorize in another middleware? This method is a middleware already; try changing it to router.get('/', [auth, acl.authorize], user.getTokens). As far as I can tell, the acl.authorize is not executed within your check role method.

tejpartapg commented 5 years ago

@nyambati .. I tried your way too, but it still applies to all other routes. Not sure if I had done something wrong, but I'll try that again. But for the record, could you please confirm if using it the way you have mentioned would apply for the route that I specify this middleware in? However, I'll still dig deeper into this later on today and get back to you with my findings.

On a second note, I tried using the unless method, but I wasn't able to get it to work when I used this middleware before all my routes - "router.use(acl.authorize.unless({}))". Any thoughts on that?

Thanks,

nyambati commented 5 years ago

@tejpartapg If you apply this middleware per route, it will only work on the specified route, which means all other routes will not be affected. I might need more than the information you have provided to give an accurate answer. The .unless method pulls its functionality from the express-unless package; you can find the documentation on how to use it.
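An added example (not code from this thread or from express-acl) illustrating the two maintainer replies above: a wrapper that never invokes the ACL middleware lets every request through, while passing the middleware directly in the route's array enforces the 403. The attached file is not on this page, so `authorize`, `checkRoleBroken`, `checkRoleDelegating`, `getTokens`, the role policy and the `run` chain runner are constructed stand-ins that run without Express installed.

```javascript
// Stand-in for an ACL middleware with the Express (req, res, next) signature.
// Assumed policy for this example: only the "admin" role may GET /tokens.
function authorize(req, res, next) {
  if (req.user.role !== 'admin') {
    res.statusCode = 403;
    res.body = { status: 'Access Denied' };
    return; // chain stops here; the route handler never runs
  }
  next();
}

// Mistake: the wrapper mentions authorize but never invokes it with
// (req, res, next), then calls next() itself, so every request passes.
function checkRoleBroken(req, res, next) {
  authorize; // reference only, no call
  next();
}

// If a wrapper is really needed, delegate and let authorize decide about next().
function checkRoleDelegating(req, res, next) {
  return authorize(req, res, next);
}

// Constructed route handler returning sample data.
function getTokens(req, res) {
  res.statusCode = 200;
  res.body = { tokens: ['constructed-sample-token'] };
}

// Minimal synchronous chain runner mimicking how a route's middleware array
// is walked: each function runs only if the previous one called next().
function run(chain, role) {
  const req = { method: 'GET', path: '/tokens', user: { role } };
  const res = { statusCode: null, body: null };
  let i = 0;
  const next = () => { const fn = chain[i++]; if (fn) fn(req, res, next); };
  next();
  return res;
}

// Deny-case and allow-case checks for each wiring.
const results = {
  broken: run([checkRoleBroken, getTokens], 'user').statusCode,
  delegating: run([checkRoleDelegating, getTokens], 'user').statusCode,
  perRoute: run([authorize, getTokens], 'user').statusCode,
  admin: run([authorize, getTokens], 'admin').statusCode,
};
console.log(results);
```

A deny-case test like `results.perRoute` is the check that catches this class of wiring mistake, since an allow-case test passes in all four configurations.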

tejpartapg commented 5 years ago

Thanks @nyambati.. Let me apply the changes you have mentioned and get back to you. I briefly skimmed over express-unless documentation and if need be then I'll dig deeper. Thanks for your help and for quick replies.

Tej Gill

nyambati commented 5 years ago

You are welcome

tejpartapg commented 5 years ago

@nyambati .. I appreciate your feedback on this. I was able to get the middleware to work the way you had suggested. There was a bug in my code that had initially broken my application. But overall this is a great package and quite simple to implement in a project.