访问控制中间件如何了解需要检查用户对象内部的字段?

时间:2019-04-09 20:33:07

标签: node.js express middleware roles access-control

我正在使用https://github.com/onury/accesscontrol库和https://github.com/scandinave/accessControlMiddleware中间件。

我有GrantsObject,其中admin-role拥有对所有资源的完全访问权限,但是中间件使我抛出403。

此库在哪里了解req.user对象中的哪个字段需要检查?

module.exports.permissions = {
    admin: {
        users: {
            'create:any': ['*'],
            'read:any': ['*'],
            'update:any': ['*'],
            'delete:any': ['*']
        }
    },
    user: {
        users: {
            'create:own': ['*', '!salt', '!hash'],
            'read:own': ['*'],
            'update:own': ['*', '!rating', '!views'],
            'delete:own': ['*']
        }
    }
};

const ac = new AccessControl(permissions);
const AccessControlMiddleware = require('@scandinave/access-control-middleware');
const acm = new AccessControlMiddleware({
    secret: process.env.JWT_SECRET,
    accessControl: ac,
    userIdKey: '_id'
});

router.get('/', acm.check([{ resource: 'users', action: 'read' }]), controller.getAllUsers);

{
  _id: 5c8c0b795ea0d2230c874bbe,
  name: 'EvgeniyUpdateTwoLast',
  email: 'test@test.ua',
  __v: 0,
  img: 'https://i.imgur.com/rLsU09I.png',
  sex: 'male',
  dob: '1991-02-07T21:00:00.000Z',
  lang: 'en',
  role: 'admin',
  info: 'info about me',
}

0 个答案:

没有答案