我正在使用https://github.com/onury/accesscontrol库和https://github.com/scandinave/accessControlMiddleware中间件。
我定义了一个授权对象(GrantsObject),其中admin角色拥有对所有资源的完全访问权限,但中间件仍然返回403。
这个库是从哪里得知应该检查req.user对象中的哪个字段的?
/**
 * Grants map handed to AccessControl, in the nested shape
 * role -> resource -> '<action>:<possession>' -> attribute list.
 * In AccessControl's attribute notation '*' selects every attribute and a
 * leading '!' excludes one.
 *
 * NOTE(review): whether these attribute lists are actually applied to request
 * bodies and responses depends on the controllers, which are not shown here.
 */
module.exports.permissions = {
  // Administrators: every action on any user record, all attributes.
  // NOTE(review): '*' on 'read:any' places no restriction on credential
  // fields (the 'user' role below references salt and hash) — confirm that
  // responses strip them before they leave the server.
  admin: {
    users: {
      'create:any': ['*'],
      'read:any': ['*'],
      'update:any': ['*'],
      'delete:any': ['*'],
    },
  },

  // Regular users: actions limited to their own record.
  user: {
    users: {
      // salt and hash may not be supplied by the client on creation.
      'create:own': ['*', '!salt', '!hash'],
      'read:own': ['*'],
      // NOTE(review): only rating and views are excluded here, so role, salt
      // and hash remain writable on a user's own record if this list is used
      // to filter update payloads. That is inconsistent with 'create:own'
      // above — confirm it is intended, or exclude those fields as well.
      'update:own': ['*', '!rating', '!views'],
      'delete:own': ['*'],
    },
  },
};
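// Build the AccessControl instance from the grants map.
// NOTE(review): `AccessControl` and `permissions` are not defined in the lines
// shown; presumably they are imported earlier in this file — confirm.
const ac = new AccessControl(permissions);
const AccessControlMiddleware = require('@scandinave/access-control-middleware');

// Fail fast when the signing secret is missing: an undefined secret should
// surface as a startup error rather than as per-request failures that are
// hard to tell apart from genuine authorization denials.
const jwtSecret = process.env.JWT_SECRET;
if (!jwtSecret) {
  throw new Error('JWT_SECRET is not set; refusing to configure access-control middleware');
}

// Middleware instance whose check() guards individual routes.
const acm = new AccessControlMiddleware({
  secret: jwtSecret,
  accessControl: ac,
  // Presumably the name of the identifier field on the user object; the
  // sample user record carries `_id` — confirm against the middleware docs.
  userIdKey: '_id',
  // NOTE(review): nothing in this configuration names the field that carries
  // the role. The sample user has a single `role` string; check which key and
  // shape (string vs. array) the middleware reads, since a role it cannot
  // resolve may be what produces the 403 for an admin user.
});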
// GET / — list users. acm.check(...) is registered ahead of the controller,
// so the 'users'/'read' requirement is evaluated before getAllUsers runs.
// NOTE(review): the requirement names only the action, not the possession,
// while the grants distinguish 'read:any' from 'read:own'. Listing every user
// is an "any" read — confirm the middleware resolves possession so the `user`
// role cannot enumerate other accounts through this route.
router.get(
  '/',
  acm.check([{ resource: 'users', action: 'read' }]),
  controller.getAllUsers,
);
{
_id: 5c8c0b795ea0d2230c874bbe,
name: 'EvgeniyUpdateTwoLast',
email: 'test@test.ua',
__v: 0,
img: 'https://i.imgur.com/rLsU09I.png',
sex: 'male',
dob: '1991-02-07T21:00:00.000Z',
lang: 'en',
role: 'admin',
info: 'info about me',
}