
adonis-guard's People

Contributors

romainlanz, thetutlage, wuzi


adonis-guard's Issues

How to add active class to current page in nav bar?

I'd like the current page to be styled differently in the nav bar links. I've tried passing the active page as I'm rendering them, i.e. res.render('home', {active: "home"}),
and in the nav bar I'd like to add a class to the link if active is set to 'home'.
The only thing I've come up with is:

<a href="/" class="
                @if(active == 'home')
                active
                @endif
                ">Home</a>

And this does work well, but the rendered link results in the following, which isn't really pretty.

<a href="/" class="
                  active

                  ">Home</a>

Is there any support for one-line conditionals? I can also incorporate some JS in the page to automatically add the class based on the URL, but I'd like to keep it as simple as possible.

Thanks in advance.

Examples

Guard looks good but I'm confused how it works. Would there be any chance of adding an example of an actual Gate, Policy and subsequent checks? For example: A Posts model with create, edit, delete permissions?

Unable to switch between auth scheme for a policy

Currently, I have multiple authentication schemes set up in my application.

Unfortunately, adonis-guard keeps using the default guard for all application schemes, hence denying access during authorization. This results in the user instance in the guard always being null for non-default schemes.

Here is the output of Guard when logged:

Guard { '$user': null }

It would be much better if we could alternate between the scheme adonis-guard uses per request.

Upgrade to v5

Hello. Is there any possibility to upgrade this package for AdonisJS v5 shortly?

How can I test my routes to check that they have the right policy?

Hello 👋,

I have started to use adonis and I'm doing some functional tests to check if my routes have the right policy applied.

I'm trying to test users/ endpoints, this is what I have in my app/routes.js file:

  Route.resource('user', 'UserController')
    .middleware(['auth'])
    // policy checked with UserPolicy
    .apiOnly()

here is my app/acl.js:

'use strict'

const Gate = use('Gate')

Gate.policy('App/Models/User', 'App/Policies/UserPolicy')

and here is my app/Policies/UserPolicy.js:

'use strict'

class UserPolicy {
  async index (user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator')
  }

  async show (user, _user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator') || user.id === _user.id
  }

  async store (user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator')
  }

  async update (user, _user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator') || user.id === _user.id
  }

  async destroy (user, _user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator') || user.id === _user.id
  }
}

module.exports = UserPolicy

so, here is my test/functional/user.spec.js:

'use strict'

const User = use('User')
const { test, trait } = use('Test/Suite')('User')

trait('DatabaseTransactions')
trait('Test/ApiClient')
trait('Auth/Client')
trait('Session/Client')

test('policy: shouldn\'t have access to get users if I\'m not an admin', async ({ client }) => {
  const user = await User.create({
    email: '[email protected]'
  })

  const response = await client
    .get('/api/v1/user')
    .loginVia(user)
    .end()
  response.assertStatus(401)
})

And after running my test I'm getting a 200 status instead:

  1. policy: shouldn't have access to get users if I'm not an admin
  expected 200 to equal 401
  200 => 401

How can I make it work? I imagine it is just that policies are not loaded in the testing environment, and to do that I should add a trait or something like that if it exists.

guard.denies is always true

After following the instructions I made a gate but it is always denying, am I missing something?

// start/acl.js
'use strict'

const Gate = use('Gate')

Gate.define('canSee', (user, resource) => {
    return true
})

// Controller
'use strict'

class TestController {
    async index({ response, guard }) {
        if (guard.denies('canSee')) {
            return response.status(403).json({ message: 'denied' })
        }
        return response.json({ message: 'not denied'  })
    }
}

module.exports = TestController

How can I pass an additional parameter to the policy?

Hello, I'm using Adonis v4 with adonis-guard.
I created a ProductPolicy:

'use strict'
class ProductPolicy {
  index (user) {
    //
  }
  show (user, product) {
    //
  }
  create (user) {
    //
  }
  async update (user, product) {
    console.log(user, product)
  }
  create (edit) {
    //
  }
  destroy (user, product) {
    //
  }
}
module.exports = ProductPolicy

Linked it to the gate inside acl.js:

Gate.policy('App/Models/Product', 'App/Policies/ProductPolicy')

And call it inside the authorize function of my validator like this:

async authorize() {
    return await this.ctx.guard.allows(
        'update',
        this.ctx.product
    )
}

I would like to pass an additional parameter to the update policy, which is the brand, but it seems I am unable to do it.

I tried adding the parameter inside the update function like this:

  async update (user, product, brand) {
    console.log(user, product, brand)
  }

And pass it in the validator like this:

async authorize() {
    return await this.ctx.guard.allows(
        'update',
        this.ctx.product,
        this.ctx.brand
    )
}

But in my console log brand is undefined.

How can I pass an additional parameter from my validator?

async policy method

Is it possible to create async methods in policy?

Sometimes I need to check another table to verify if a user has permission, but when adding async to policy it is not recognized anymore:

destroy (user, resource) { // works
  return true
}

async destroy (user, resource) { // doesn't
  return true
}
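
An added example, not part of the original issues and not adonis-guard's own code: two rules from the UserPolicy posted above are exercised directly in plain Node, outside the HTTP layer, together with the general JavaScript behaviour that matters for async policy methods (an un-awaited async check is a Promise and therefore truthy). The stub users, `decisionMatrix` and `unawaitedLooksAllowed` are assumptions made for illustration; how adonis-guard itself dispatches policy methods is not shown here.

```javascript
'use strict'

// Two rules taken from the UserPolicy shown in the testing issue above.
class UserPolicy {
  async index (user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator')
  }

  async show (user, _user) {
    const userRoles = await user.getRoles()
    return userRoles.includes('administrator') || user.id === _user.id
  }
}

// Constructed stub standing in for a User model
// (assumption: getRoles() resolves to an array of role names).
const stubUser = (id, roles) => ({ id, getRoles: async () => roles })

const admin = stubUser(1, ['administrator'])
const alice = stubUser(2, ['member'])
const bob = stubUser(3, ['member'])

// Hypothetical helper: awaits every rule and returns the allow/deny matrix,
// including the deny cases a functional test should also cover.
async function decisionMatrix () {
  const policy = new UserPolicy()
  return {
    adminLists: await policy.index(admin),
    memberLists: await policy.index(alice),
    memberShowsSelf: await policy.show(alice, alice),
    memberShowsOther: await policy.show(alice, bob)
  }
}

// The same denied rule called without `await`: the caller receives a Promise,
// which is truthy whatever the rule would resolve to.
function unawaitedLooksAllowed () {
  const result = new UserPolicy().index(alice) // resolves to false
  return Boolean(result)
}

decisionMatrix().then((matrix) => {
  console.log(matrix)
  console.log('un-awaited deny looks allowed:', unawaitedLooksAllowed())
})
```

Checking the rules in isolation separates "the policy logic is wrong" from "the policy was never invoked for this route", which a status-code assertion alone cannot distinguish.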
