search

onury / accesscontrol

Role and Attribute based Access Control for Node.js
https://onury.io/accesscontrol
MIT License
2.2k stars 178 forks source link

Is there a way to get action? #69

Open fdorantesm opened 5 years ago

fdorantesm commented 5 years ago

Hi.

I'm using a middleware grouping role permissions, i got permissions, attributes and role except action. 

/**
   * Middleware to grant or deny products creation.
   *
   * @param {Request} req
   * @param {Response} res
   * @param {Function} next
   */
  static async canCreateProducts (req, res, next) {
    const permission = User.canCreateProducts(req.acl.role)
    console.log({ permission: permission.action })
    if (permission.granted) {
      req.acl = { ...(req.acl || {}), ...permission.attributes }
      next()
    } else {
      res.boom.forbidden()
    }
  }
onury commented 5 years ago

Hi. Since permission is checked "for" an action (and resource), code should be aware of it. Per your abstraction; canCreateProducts method indicates action is create.

fdorantesm commented 5 years ago

I need a to include both perms in a single middleware. I'm returning a Permission but I can't identify it's action.

I returned an object with role, permissions, action and possession to know permission match.

El lun., 15 abr. 2019 16:42, Onur Yıldırım notifications@github.com escribió:

Hi. Since permission is checked "for" an action (and resource), code should be aware of it. Per your abstraction; canCreateProducts method indicates action is create.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/onury/accesscontrol/issues/69#issuecomment-483429819, or mute the thread https://github.com/notifications/unsubscribe-auth/ASetlD0Uk4uVnGnFycewIb7531YNTfxRks5vhPJCgaJpZM4cwlbr .