Node Dynamic Links Acl
I am trying to use the npm Acl module to implement an ACL system. The home page is here: https://github.com/OptimalBits/node_acl .
There are many simple examples in the documentation for granting access to roles. In particular, there is some good code here:
acl.allow([
{
roles:['guest','member'],
allows:[
{resources:'blogs', permissions:'get'},
{resources:['forums','news'], permissions:['get','put','delete']}
]
},
{
roles:['gold','silver'],
allows:[
{resources:'cash', permissions:['sell','exchange']},
{resources:['account','deposit'], permissions:['put','delete']}
]
}
])
Unfortunately, there are no examples of a more complex url in the docs like '/ blogs /: id / today'. Can acls be set for these types of dynamic urls?
And I also need to point out that only some users can get their own information. This means that "users /: id" should only work if the user ID is the same as the user ID. Is it possible?
source to share
Their docs really cover this, if I don't miss something. Taken from the README:
Middleware takes 3 optional arguments which are useful in some situations. For example, sometimes we cannot treat the entire URL as a resource:
app.put('/blogs/:id/comments/:commentId', acl.middleware(3), function(req, res, next){…}
In this case, the resource will be just the first three url components (no forward slash).
It is also possible to add custom user id or check other permissions than method:
app.put('/blogs/:id/comments/:commentId', acl.middleware(3, 'joed', 'post'), function(req, res, next){…}
source to share