search

onury / accesscontrol

Role and Attribute based Access Control for Node.js
https://onury.io/accesscontrol
MIT License
2.21k stars 178 forks source link

Problem with Notation #19

Closed jyotman closed 7 years ago

jyotman commented 7 years ago 
accessControl.grant('user').create('project', ['*', '!approved']);
accessControl.grant('admin').extend('user').create('project');

accessControl.can('user').create('project').attributes; // [ '*', '!approved' ] ✔️
accessControl.can('admin').create('project').attributes; // [ '*', '!approved' ] ❌
accessControl.can(['user', 'admin']).create('project').attributes; // [ '*' ] ✔️

As you can see, the last two lines should have produces the same results - [ '*' ]. So i debugged the code and found that the problem seems to be with the Notation module that AccessControl uses.

notation.Glob.union(['*', '!approved'], ['*']); // [ '*' ]
notation.Glob.union(['*'], ['*', '!approved']) // [ '*', '!approved' ]

Then I also saw that you might've fixed the issue in Notation. Am I right in assuming that this bug will be fixed when it start using the latest Notation module version? :1st_place_medal:

onury commented 7 years ago

Yes @jyotman, I've fixed it in dep. module Notation. Also improved some other things.

I'm working on AccessControl right now. Expect a new release soon. Thanks.

onury commented 7 years ago

Fixed in v2.0.0