how to create ACL with mongoose-acl node.js

I found this library for creating an ACL (access control list) for mongoose: https://github.com/scttnlsn/mongoose-acl

It looks like a good module, but I'm a little confused on how to use it for my purpose.

I have a site where anybody (logged in or not) can visit a profile page, like example.com/users/chovy

However if the user 'chovy' is logged into this page, I want to give them admin privileges for editing the details of the account.

If the user is not 'chovy' or is not logged in, they would just see the read-only profile page for 'chovy'.

Can someone give me a concrete example of how I would do this?

That sounds so common that I don't think you need an ACL. You will need to have sessions, and then you can change how the view looks based upon the current logged in user. An incomplete example would look like this:

// Assumes:
// - You set req.session.user when user logs in
// - The url route has a :name so you can do req.param() to get the name of the page being viewed

db.users.getCurrentUser(req.session.user, gotLoggedInUser)
db.users.getUserByName({name: req.param('name')}, gotUser)

And then pass this to the view, when you do a res.render() :

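// loggedInUser is null for visitors who are not logged in, so guard before comparing ids
var is_viewing_own_page = !!loggedInUser && currentUser._id.toString() === loggedInUser._id.toString()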

And then the view can do something like this (assuming jade):

- if (is_viewing_own_page)
  div You are looking at your own page
- else
  div You are viewing someone else's page
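
The comparison in the answer above only changes what the view shows, so the route that saves profile edits needs the same owner check on the server. The following is an added example, not part of the original answer or of mongoose-acl; the in-memory `users` array, the function names, and the assumption that `req.session.user` holds the user's `_id` as a string are illustrative.

```javascript
// Constructed sample data standing in for the Mongoose user collection.
const users = [
  { _id: 'u1', name: 'chovy' },
  { _id: 'u2', name: 'alice' },
];
const findUserByName = (name) => users.find((u) => u.name === name) || null;

// Pure decision: may this session edit the profile named in the URL?
// Assumption: the login handler stored the user's _id (string) in req.session.user.
function profileAccess(sessionUserId, profileName) {
  const profile = findUserByName(profileName);
  if (!profile) return { status: 404, profile: null, canEdit: false };
  const canEdit =
    typeof sessionUserId === 'string' && sessionUserId === String(profile._id);
  return { status: 200, profile, canEdit };
}

// GET and POST /users/:name: load the profile and set the flag the view uses.
function loadProfile(req, res, next) {
  const sessionUserId = req.session && req.session.user;
  const access = profileAccess(sessionUserId, req.params.name);
  if (access.status === 404) return res.status(404).end();
  req.profile = access.profile;
  res.locals.is_viewing_own_page = access.canEdit;
  next();
}

// POST /users/:name only: refuse the write unless the session owns the profile,
// regardless of what the rendered page showed or hid.
function requireOwner(req, res, next) {
  if (!req.session || !req.session.user) return res.status(401).end();
  if (!res.locals.is_viewing_own_page) return res.status(403).end();
  next();
}

// Wiring in an Express app would look like this (app and handlers are hypothetical):
//   app.get('/users/:name', loadProfile, showProfile);
//   app.post('/users/:name', loadProfile, requireOwner, saveProfile);
```

Anonymous visitors and other logged-in users still get the read-only page from the GET route; only the write route returns 401 or 403 for them.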
