
How does node acl know or get or read User and Role data at request?

Open dawondyifraw opened this issue 9 years ago • 1 comments

For example.

I use jsonwebtoken.

After checkingToken I set the req data for the userId.

req.user = "user";

But how does ACL get the user data from the request and apply rules and permissions? Please, I am confused.

dawondyifraw Sep 29 '16 12:09

As per my understanding, you also need to specifically pull out role data from acl. Assuming you already have a role created in acl with allowed resources and saved the user with it, something like

acl.whatResources(req.user.role, function (err, resources) {
      // node_acl callbacks receive the error first, then the result
      if (err) return next(err);
      req.role_data = resources;
      // call next function
      next();
});

Then in your API routes, you might have to specifically check if req.role_data contains access to that resource route.

An easier option is to use the middleware to check permissions before a route, as mentioned in the use cases of this library. But then your resource permissions need to be constructed in a fashion that the library understands.

jangdmanish Sep 30 '16 11:09
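
The flow discussed in this thread, as an added example that is not part of the original issue or of node_acl's own code: the ACL does not read the request itself, so a middleware passes it the user id that the token check stored on `req.user`. `TinyAcl`, `requirePermission` and `simulate` are hypothetical names; `TinyAcl` is an in-memory stand-in whose method names are modeled on node_acl's `allow`, `addUserRoles` and `isAllowed`, and the policy and requests are constructed samples.

```javascript
// Hypothetical in-memory stand-in for an ACL backend (not node_acl itself).
class TinyAcl {
  constructor() { this.grants = new Set(); this.userRoles = new Map(); }
  allow(role, resource, permissions) {
    for (const p of permissions) this.grants.add(`${role}|${resource}|${p}`);
  }
  addUserRoles(userId, roles) {
    this.userRoles.set(String(userId), new Set(roles));
  }
  isAllowed(userId, resource, permission, cb) {
    const roles = this.userRoles.get(String(userId)) || new Set();
    const ok = [...roles].some((r) => this.grants.has(`${r}|${resource}|${permission}`));
    cb(null, ok); // unknown user, role or resource: denied by default
  }
}

// Express-style middleware. getUserId tells it where the token check
// stored the user id on the request (req.user in the question above).
function requirePermission(acl, getUserId) {
  return function (req, res, next) {
    const userId = getUserId(req);
    if (userId === undefined || userId === null || userId === '') {
      return res.status(401).end(); // token check did not set a user
    }
    const permission = req.method.toLowerCase(); // assumption: GET -> "get"
    // assumption: the resource name is the exact request path
    acl.isAllowed(userId, req.path, permission, (err, allowed) => {
      if (err) return next(err);
      if (!allowed) return res.status(403).end(); // authenticated, not permitted
      next();
    });
  };
}

// Constructed sample policy.
const acl = new TinyAcl();
acl.allow('editor', '/posts', ['get', 'post']);
acl.allow('viewer', '/posts', ['get']);
acl.addUserRoles('u1', ['editor']);
acl.addUserRoles('u2', ['viewer']);

// Runs the middleware against a fake request and returns the HTTP outcome.
function simulate(req) {
  let outcome = null;
  const res = { status(code) { outcome = code; return { end() {} }; } };
  requirePermission(acl, (r) => r.user)(req, res, (err) => { outcome = err ? 500 : 200; });
  return outcome;
}
```

With the real library, the same middleware shape applies once the in-memory stand-in is replaced by an ACL instance whose roles and user assignments were stored beforehand.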