scttnlsn / mongoose-acl Goto Github PK
View Code? Open in Web Editor NEWMongoose ACL
License: MIT License
Mongoose ACL
License: MIT License
Trying to decide if there's any merit to creating an explicit revokeAccess
method?
Obviously, setAccess
with empty (or no) perms could be called, effectively revoking access. However, it might be even better to go a step further and actually delete the key(s) instead of assigning an empty array?
For object
, something like this:
schema.methods.revokeAccess = function(key) {
if (this[options.path]) {
delete this[options.path][key];
this.markModified(options.path);
}
};
On the subject
side, it probably makes sense to have separate revokeAccess
and revokeAllAccess
methods - the former for just the main key, and the latter including additional and public keys.
Thoughts? I'd be happy to submit a PR with tests if you agree.
I'm finding mongoose-acl
a very useful shortcut to what I'm trying to do, but I facing a couple of limitations with nested schemas, each with it's own permission.
Notably, the changes that needs to be made are to the toJSON
to hide the _acl
(see here) which is only called on the parent
And also, a way to query multiple access permissions when dealing with embedded documents (for example, find the parent documents according to permissions, and also filter children according to permissions)
Looking forward to hearing your thoughts about this
I've followed the documentation and set it up just like it was written. But I can't seem to get it to work.
Is there anything that needs to be done thats not in the documentation? Like adding something to the schema?
Here I set the ACL for an album.
var name = req.body.name; var album = new Album(req.body); album.save(); User.findById(req.user, function(err, user) { user.setAccess(album, ['read', 'write', 'delete']); });
And then loading in all albums that the user has access to:
User.findById(req.user, function(err, user) { Album.withAccess(user, ['read']).exec(function(err, albums) { res.send(albums); }); });
But it returns nothing, and there are no errors.
Do you know of a good article or tutorial explaining the methods used by your module?
I'm trying to figure out if I can use mongoose-acl for giving access to perform admin actions on a page (everyone else would just get read-only view of page).
For example a profile page would be readable by anyone, but only the user who owns the profile can make changes.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.