flash-oss / node_acl Goto Github PK
View Code? Open in Web Editor NEWThis project forked from optimalbits/node_acl
Access control lists for node applications
License: MIT License
This project forked from optimalbits/node_acl
Access control lists for node applications
License: MIT License
Hi, and thanks for your valuable work with this fork!
I noticed, that Mongodb >v5 driver has dropped callback apis and acl2 does not support it yet.
I made an implementation:
https://github.com/tonila/node_acl_firebase/blob/acl2_mongodb_promise_api_backend/lib/mongodb-backend.js
MongoDB tests pass:
npm run mongo_test
npm run test_mongo_single
I can make a pull request, if requested.
I get this: insert into "acl_permissions" ("key", "value") values ($1, $2) - duplicate key value violates unique constraint "acl_permissions_pkey"
when I try to create (using acl.allow
) two identical roles, but with different names, and different permissions BUT the same resources. How do I even deal with this? ๐
Problem Statement
Hello, i am using this package and so far its going great, but a small thing is annoying me which is if i am using express url's as resource names in the acl allow rules then the wild cards are not supported e.g.
/api/users/login (resource 1)
/api/users/signup (resource 2)
/api/users/lremove (resource 3)
e.g. in config they would be written as
{
"roles": [ "User" ],
"allows": [
{ "resources": "/api/users/login", "permissions": [ "post", "put", "get", "delete" ] },
{ "resources": "/api/users/signup", "permissions": [ "post", "put", "get", "delete" ] },
{ "resources": "/api/users/remove", "permissions": [ "post", "put", "get", "delete" ] }
]
}
Problem Solution Expected
now to allow these to user we have to define these separately instead of this i am expecting some thing like following in the config
{
"roles": [ "User" ],
"allows": [
{ "resources": "/api/users/*", "permissions": [ "post", "put", "get", "delete" ] }
]
}
Bluebird folks are pushing people to move to Promises.
Any plan for this replacement? Or is the project dormant?
I'm a PM so please don't ask me for a PR :)
Thanks.
I created an issue to the original repository just in case someone has the same issue. What was noticed is that the library creates an index
node_acl/lib/mongodb-backend.js
Line 145 in 966d079
useSingle=false
we are not using this index as we are querying with just the key
meaning we are not using the index resulting to slow queries. Maybe the index could respect the useSingle
flag and create the correct index.
node_acl/lib/mongodb-backend.js
Line 121 in 966d079
I don't know how to find/contact you, but could you publish it to npm as well? the recent fix? I'm using it and I need the latest one XD Thanks
Cannot read property 'multi' of undefined
Any chance you will be removing Bluebird?
Bluebird is a dead project since node supports Promises natively.
Hi, and thanks for supporting this library. I have experience with Zend ACL and was comparing this with it.
Does this support the ability for a permission to be determined dynamically? For example, how would I only allow a user with the "editor" role to edit a "document" resource only if he is the document creator?
https://docs.zendframework.com/zend-expressive-authorization-rbac/v1/dynamic-assertion/
Thanks!
I have gone through the packages and I couldn't find any appropriate method for listing roles, resources and their permissions on it.
/**
whatResources(role, function(err, {resourceName: [permissions]})
Returns what resources a given role or roles have permissions over.
whatResources(role, permissions, function(err, resources) )
Returns what resources a role has the given permissions over, even I pass roles as an array.
@param {String|Array} Roles
@param {String|Array} Permissions
@param {Function} Callback called wish the result.
*/
It return data like below,
{
resource: [permissions]
}
But it doesn't return what role
has what permissions.
I want something like below,
[{
role: 'super-admin',
resourcePermissions: [
{
resource: 'orders',
permissions: ['get', 'put']
},
{
resource: 'payments',
permissions: ['get', 'delete']
]
},
....
]
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.