Node Acl dynamic links

问题

I'm trying to use the npm module Acl to implement an ACL system. The homepage can be found here: https://github.com/OptimalBits/node_acl.

The documentation shows a lot of very simple examples for giving a role access. In particular, there is a good piece of code here:

acl.allow([
    {
        roles:['guest','member'], 
        allows:[
            {resources:'blogs', permissions:'get'},
            {resources:['forums','news'], permissions:['get','put','delete']}
        ]
    },
    {
        roles:['gold','silver'], 
        allows:[
            {resources:'cash', permissions:['sell','exchange']},
            {resources:['account','deposit'], permissions:['put','delete']}
        ]
    }
])

Unfortunately, the docs don't show any examples of a more complicated url like '/blogs/:id/today'. Is it possible to set acls for these kinds of dynamic urls?

And, I also need to specify that only certain users can get their own information. This means that 'users/:id', should only work if the user's id is the same as that of the url. Is this possible?

回答1:

Their docs do cover this, unless I'm missing something. Taken from their README:

The middleware accepts 3 optional arguments, that are useful in some situations. For example, sometimes we cannot consider the whole url as the resource:

app.put('/blogs/:id/comments/:commentId', acl.middleware(3), function(req, res, next){…}

In this case the resource will be just the three first components of the url (without the ending slash).

It is also possible to add a custom userId or check for other permissions than the method:

app.put('/blogs/:id/comments/:commentId', acl.middleware(3, 'joed', 'post'), function(req, res, next){…}

回答2:

Although docs do say that node acl supports for the dynamic urls here. But after looking at the source code we do not find any reference which supports the access to the dynamic urls.

There is also an open github issue here https://github.com/OptimalBits/node_acl/issues/192 which points the same.

Although we can implement our own middleware filters to support for the dynamic urls , but I guess instead of that it should be fixed in node acl library itself.

Conclusion:- Node ACL library does not supports for urls with params (i.e. dynamic urls). But if we still want to use Node ACL library for dynamic urls the suggestion from the https://github.com/OptimalBits/node_acl/issues/192#issuecomment-226761840 can be used.

来源：https://stackoverflow.com/questions/27241891/node-acl-dynamic-links