stackoom
  简体   繁体   中英

how to define node_acl public accessible resources

 原文  2016-09-29 11:39:57       node.js/ express/ node-acl

Question

guys am having a hard time wiht node_Acl.

i have adedd.

acl.allow('guest',['/docs/'],['show']);

app.use(acl.middleware);

but its shows me User is not authorized. when accessing

acl.addUserRoles('api_user', 'business',function(err) {

  if(!err) {
    log.debug("api_user with business role created");
  }
});


acl.addUserRoles('helpdesk', 'helpdesk',function(err) {

  if(!err) {
    log.debug("helpdesk with helpdesk role created");
  }
});

acl.userRoles( 'admin', function(err, roles) {
log.debug(roles);
});

acl.roleUsers( 'business', function(err, users){

  log.debug(users);
});

acl.hasRole( 'admin', 'business', function(err, hasRole) {
log.debug("admin user hasRole business =>"+hasRole);
});

acl.allow('admin', ['/api/hellobill/v1/hello'], ['get'], function(err) {
  console.log("EROOR"+err);
});

acl.allow([
        {
            roles: ['guest'],
            allows: [
                { resources: '/docs/', permissions: 'get' }
            ],
        }
    ]);


acl.allow('guest', '/docs/', ['get','put', 'delete']);


app.get('/docs/', acl.middleware(), function (req, res) {
        console.log(req);
    });

acl.allow('public', ['/', '/docs/', '/api-docs/'], 'view');

acl.whatResources('public',function(err,resources){
      console.log(resources);
 })

1 answers

solution1
 1  2016-09-29 11:50:24

I can't be certain without seeing the rest of your code, but I'm going to guess that the user in question has not been granted the 'guest' role, or else there is no active user when you hit that resource. As far as I can tell, with that library you have to explicitly grant any roles you refer to, there's no magic in the role names that imply behavior.

So at some point you'd have to do acl.addUserRoles(theUser, "guest") for it to work.

If you want a resource that is simply not protected, truly public, then I would recommend only mounting the middleware on the routes that should be protected, eg:

app.use('/private', acl.middleware())

/* Update */

OK, and what user is trying to access the resource and getting the error?

I don't think it's related, but you also don't need the slashes in your resource. So you can do acl.allow('guest', 'docs', ['get','put', 'delete']);

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question define user role node_acl, mongoose , express How to remove role of a user from particular resource in node_acl? How to implement node_acl in mean stack with node.js Integrating node_acl module with SailsJs Running 'node_acl' with mongoose on ExpressJS what is the best way to integrate node_acl with sails Node express public accessible url security How can I make my node.js app accessible public? how to create ACL with mongoose-acl node.js How to make node.js server accessible by public ip-address
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM