search

tenodi / permission

Npm package for hangling user permissions for routes based on roles.
https://www.npmjs.com/package/permission
MIT License
72 stars 22 forks source link

Allow the req.user[role] to be an array of roles. #3

Closed snlacks closed 7 years ago

snlacks commented 8 years ago

What about something like this in index.js? (This is not the most elegant algorithm nor did I run it yet. It's just an idea at this point.)

if (req.isAuthenticated()) {
  if (!roles || roles.indexOf(req.user[role]) > -1){
    after(req, res, next, permission.AUTHORIZED);
  } else if (req.user[role].hasProperty('forEach)) {
    var perm = permission.NOT_AUTHORIZED;
    req.user[role].forEach(function(userRole, i){
        if(!roles || roles.indexOf(userRole) > -1) perm = permission.AUTHORIZED;
    }
    after(req, res, next, perm);
 } else {
    after(req, res, next, permission.NOT_AUTHORIZED);
  }
}
else {
  after(req, res, next, permission.NOT_AUTHENTICATED);
}
tenodi commented 8 years ago

Hey, sorry for not answering soon enough. I'll take a look into it these days.

Globik commented 8 years ago

It would be nice with combination of mongodb's built-in roles and access grunts.

czytelny commented 7 years ago

it's added