search

tenodi / permission

Npm package for hangling user permissions for routes based on roles.
https://www.npmjs.com/package/permission
MIT License
72 stars 22 forks source link

req.user is undefined #4

Closed kahurangitama closed 8 years ago

kahurangitama commented 8 years ago

Hi there! I using PassportJS to authenticate users on my site. My routes looks like:

/routes/songs.js:

router.route('/')
  .get(Songs.renderExplore)
  .post(require('permission')(['admin']), upload.array(), Songs.create)

this is the only place where I use permission. Also I created a field named 'role' in my User schema. Then I debugged my app and observe that at this point:

if (req.isAuthenticated() && !req.user[role])
    throw new Error("User doesn't have property named: " + role + ". See Advantage Start in docs")

req.user is undefined but console.log(req.session.passport) returns me:

user: '57338a9a5c52e9159fc89095'

it mean that user is authorized and there is a record in session, but req.user is undefined; my suggestion is that permission checks req.user before it actually filled by passport.deserializeUser()

How do you use permission with Passportjs?

Thanks in advance!

tenodi commented 8 years ago

Hey, sorry for not answering immediately. I'll take a look into it these days.

kahurangitama commented 8 years ago

Sorry for disturbing, but it was my fault. For anyone who run into the same problem: double check your mongoose Schema, and rerun the server (it was my problem, I install npm, add field to existing user with MongoChef, but haven't update the Schema);

It should looks like this:

role: { type: String, default: 'member', enum: ['admin', 'moderator', 'member'] }