romainlanz / adonis-guard
Authorization provider built on top of @slynova/fence
License: MIT License
I'd like the current page to be styled differently in the nav bar links. I've tried passing the active page as I'm rendering them, i.e.: res.render('home', {active: "home"}),
And in the nav bar I'd like to add a class to the link if active is set to 'home'.
The only thing I've come up with is:
<a href="/" class="
@if(active == 'home')
active
@endif
">Home</a>
And this does work well, but the rendered link results in the following, which isn't really pretty.
<a href="/" class="
active
">Home</a>
Is there any support for one-line conditionals? I can also incorporate some JS in the page to automatically add the class based on the URL, but I'd like to keep it as simple as possible.
Thanks in advance.
Guard looks good but I'm confused how it works. Would there be any chance of adding an example of an actual Gate, Policy and subsequent checks? For example: A Posts model with create, edit, delete permissions?
Currently, I have multiple authentication schemes set up in my application.
Unfortunately, adonis-guard keeps using the default guard for all application schemes, hence denying access during authorization. This results in the user instance in the guard always being null for non-default schemes.
Here is the output of Guard when logged:
Guard { '$user': null }
It would be much better if we could alternate between the scheme adonis-guard uses per request.
Hello. Is there any possibility to upgrade this package for AdonisJS v5 shortly?
Hello,
I have started to use Adonis and I'm doing some functional tests to check if my routes have the right policy applied.
I'm trying to test users/ endpoints, this is what I have in my app/routes.js file:
Route.resource('user', 'UserController')
  .middleware(['auth'])
  // policy checked with UserPolicy
  .apiOnly()
here is my app/acl.js:
'use strict'
const Gate = use('Gate')
Gate.policy('App/Models/User', 'App/Policies/UserPolicy')
and here is my app/Policies/UserPolicy.js:
'use strict'
class UserPolicy {
  async index (user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator')
  }
  async show (user, _user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator') || user.id === _user.id
  }
  async store (user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator')
  }
  async update (user, _user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator') || user.id === _user.id
  }
  async destroy (user, _user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator') || user.id === _user.id
  }
}
module.exports = UserPolicy
so, here is my test/functional/user.spec.js:
'use strict'
const User = use('User')
const { test, trait } = use('Test/Suite')('User')
trait('DatabaseTransactions')
trait('Test/ApiClient')
trait('Auth/Client')
trait('Session/Client')
test('policy: shouldn\'t have access to get users if I\'m not an admin', async ({ client }) => {
  const user = await User.create({
    email: '[email protected]'
  })
  const response = await client
    .get('/api/v1/user')
    .loginVia(user)
    .end()
  response.assertStatus(401)
})
and after running my test I'm getting a 200 status instead:
1. policy: shouldn't have access to get users if I'm not an admin
expected 200 to equal 401
200 => 401
How can I make it work? I imagine that is just that policies are not loaded in the testing environment, and to do that I should add a trait or something like that if it exists.
adonis-guard/src/Middleware/Can.js
Line 14 in d89338e
I believe await should be added to the condition in this line. If an async function is added to Gate.define, this condition will ignore the gate result and allow the unauthorized calls to pass.
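The failure mode this report describes, shown as an added example that is not part of the original issue and is not adonis-guard's source: a condition on an un-awaited async gate sees a Promise, which is always truthy, so the deny branch never runs. The registry, `allows`, `checkWithoutAwait` and `checkWithAwait` are hypothetical stand-ins, and the gates and users are constructed.

```javascript
'use strict'
// Constructed miniature of a gate registry; not adonis-guard's source.
const gates = new Map()
const define = (name, fn) => gates.set(name, fn)

// Hypothetical guard: hands back whatever the gate callback returned,
// which is a Promise whenever the callback is async.
const allows = (name, user, resource) => gates.get(name)(user, resource)

// Check without await: `!Promise` is always false, so an async gate
// that resolves to false still falls through to "allowed".
function checkWithoutAwait (name, user, resource) {
  if (!allows(name, user, resource)) return 403
  return 200
}

// Check with await: resolve the result first, grant only on strict true,
// and fail closed if the gate throws or rejects.
async function checkWithAwait (name, user, resource) {
  try {
    const allowed = await allows(name, user, resource)
    return allowed === true ? 200 : 403
  } catch (err) {
    return 403
  }
}

// Constructed gates and users for the demonstration.
define('syncOwner', (user, post) => user.id === post.ownerId)
define('asyncOwner', async (user, post) => user.id === post.ownerId)
define('asyncBroken', async () => { throw new Error('lookup failed') })

const owner = { id: 1 }
const stranger = { id: 2 }
const post = { ownerId: 1 }

async function runDemo () {
  return {
    syncNoAwait: checkWithoutAwait('syncOwner', stranger, post),   // 403
    asyncNoAwait: checkWithoutAwait('asyncOwner', stranger, post), // 200
    asyncAwaited: await checkWithAwait('asyncOwner', stranger, post),
    ownerAwaited: await checkWithAwait('asyncOwner', owner, post),
    brokenAwaited: await checkWithAwait('asyncBroken', owner, post)
  }
}

runDemo().then(result => console.log(result))
```

A functional test that logs in as a non-privileged user and asserts the deny status for every async gate catches this class of regression.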
After following the instructions I made a gate but it is always denying, am I missing something?
// start/acl.js
'use strict'
const Gate = use('Gate')
Gate.define('canSee', (user, resource) => {
  return true
})
// Controller
'use strict'
class TestController {
  async index({ response, guard }) {
    if (guard.denies('canSee')) {
      return response.status(403).json({ message: 'denied' })
    }
    return response.json({ message: 'not denied' })
  }
}
module.exports = TestController
Hello, I'm using Adonis v4 with adonis-guard.
I created a ProductPolicy:
'use strict'
class ProductPolicy {
  index (user) {
    //
  }
  show (user, product) {
    //
  }
  create (user) {
    //
  }
  async update (user, product) {
    console.log(user, product)
  }
  create (edit) {
    //
  }
  destroy (user, product) {
    //
  }
}
module.exports = ProductPolicy
Linked it to the gate inside acl.js:
Gate.policy('App/Models/Product', 'App/Policies/ProductPolicy')
And call it inside the authorize function of my validator like this:
async authorize() {
  return await this.ctx.guard.allows(
    'update',
    this.ctx.product
  )
}
I would like to pass an additional parameter to the update policy, which is the brand, but it seems I am unable to do it.
I tried adding the parameter inside the update function like this:
async update (user, product, brand) {
  console.log(user, product, brand)
}
And pass it in the validator like this:
async authorize() {
  return await this.ctx.guard.allows(
    'update',
    this.ctx.product,
    this.ctx.brand
  )
}
But in my console log brand is undefined.
How can I pass an additional parameter from my validator?
Is it possible to create async methods in policy?
Sometimes I need to check another table to verify if a user has permission, but when adding async to policy it is not recognized anymore:
destroy (user, resource) { // works
  return true
}
async destroy (user, resource) { // doesn't
  return true
}