flash-oss / node_acl Goto Github PK

GHSA-fwr7-v2mv-hh25

Hi, and thanks for your valuable work with this fork!

I noticed, that Mongodb >v5 driver has dropped callback apis and acl2 does not support it yet.

I made an implementation:
https://github.com/tonila/node_acl_firebase/blob/acl2_mongodb_promise_api_backend/lib/mongodb-backend.js

MongoDB tests pass:

npm run mongo_test
npm run test_mongo_single

I can make a pull request, if requested.

I get this: insert into "acl_permissions" ("key", "value") values ($1, $2) - duplicate key value violates unique constraint "acl_permissions_pkey" when I try to create (using acl.allow) two identical roles, but with different names, and different permissions BUT the same resources. How do I even deal with this? 😕

Problem Statement

Hello, i am using this package and so far its going great, but a small thing is annoying me which is if i am using express url's as resource names in the acl allow rules then the wild cards are not supported e.g.

/api/users/login (resource 1)
/api/users/signup (resource 2)
/api/users/lremove (resource 3)

e.g. in config they would be written as

{
    "roles": [ "User" ],
    "allows": [
      { "resources": "/api/users/login", "permissions": [ "post", "put", "get", "delete" ] },
      { "resources": "/api/users/signup", "permissions": [ "post", "put", "get", "delete" ] },
      { "resources": "/api/users/remove", "permissions": [ "post", "put", "get", "delete" ] }
    ]
  }

Problem Solution Expected

now to allow these to user we have to define these separately instead of this i am expecting some thing like following in the config

{
    "roles": [ "User" ],
    "allows": [
      { "resources": "/api/users/*", "permissions": [ "post", "put", "get", "delete" ] }
    ]
  }

Bluebird folks are pushing people to move to Promises.
Any plan for this replacement? Or is the project dormant?
I'm a PM so please don't ask me for a PR :)
Thanks.

I created an issue to the original repository just in case someone has the same issue. What was noticed is that the library creates an index

I don't know how to find/contact you, but could you publish it to npm as well? the recent fix? I'm using it and I need the latest one XD Thanks

Cannot read property 'multi' of undefined

Any chance you will be removing Bluebird?
Bluebird is a dead project since node supports Promises natively.

Hi, and thanks for supporting this library. I have experience with Zend ACL and was comparing this with it.

Does this support the ability for a permission to be determined dynamically? For example, how would I only allow a user with the "editor" role to edit a "document" resource only if he is the document creator?

https://docs.zendframework.com/zend-expressive-authorization-rbac/v1/dynamic-assertion/

Thanks!

I have gone through the packages and I couldn't find any appropriate method for listing roles, resources and their permissions on it.

/**
  whatResources(role, function(err, {resourceName: [permissions]})

  Returns what resources a given role or roles have permissions over.

  whatResources(role, permissions, function(err, resources) )

  Returns what resources a role has the given permissions over, even I pass roles as an array.

  @param {String|Array} Roles
  @param {String|Array} Permissions
  @param {Function} Callback called wish the result.
*/

It return data like below,

{
  resource: [permissions]
}

But it doesn't return what role has what permissions.
I want something like below,

[{
  role: 'super-admin',
  resourcePermissions: [
    {
      resource: 'orders',
      permissions: ['get', 'put']
    },
    {
     resource: 'payments',
     permissions: ['get', 'delete']
  ]
},
....
]

import * as ACL from 'acl2';

npm install acl2 has successfully finished but I can't import the module.
Every examples in repository are written in ES5 grammar. How can I use it in TypeScript ES6?