Reputation: 41
I am adding ACL to a nodejs/express application. I have already read the documentation for the modules acl and express-acl but there is something missing. They don't provide examples on how to handle access to single resources.
Typical example: users can edit their own comments but can only read other users' comments. So having a role that either grants or denies edit permissions to the resource comment/edit is not good enough. The permission depends on which comment the user is accessing.
Is there a way to achieve that with one of the modules provided on npm, or is it something that one must implement in the controller after the acl module has provided access to the resource?
Thanks
Upvotes: 1
Views: 522
Reputation: 23029
We searched a lot, but found no good ACL for Node for this kind of stuff.
However, in Node.js it is really easy to just write the method as middleware, which checks the rights on a specific resource and allows/denies the user access to it. If you do not write something really big, this is a reasonable approach.
Upvotes: 2
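The per-resource check described in the answer above, sketched as Express-style middleware. This is an added example, not code from the question or the answer; `requireOwner`, `canEditComment`, `simulate`, the `authorId` field, the in-memory `comments` map and an earlier auth middleware that sets `req.user` are all assumptions made for illustration.

```javascript
// Constructed sample data: an in-memory stand-in for a comments table.
const comments = new Map([
  ["1", { id: "1", authorId: "alice", text: "first" }],
  ["2", { id: "2", authorId: "bob", text: "second" }],
]);

// Hypothetical factory: returns middleware that lets a request through only
// when the authenticated user owns the resource named in the route.
// Assumes an earlier auth middleware has set req.user = { id, ... }.
function requireOwner(loadResource, ownerField = "authorId") {
  return function ownerCheck(req, res, next) {
    if (!req.user || req.user.id == null) {
      return res.status(401).json({ error: "authentication required" });
    }
    const resource = loadResource(req.params.id); // a real DB lookup would be async
    if (!resource) {
      return res.status(404).json({ error: "not found" });
    }
    // Fail closed when the record has no owner, and compare as strings so a
    // numeric session id and a string database id do not falsely mismatch.
    const owner = resource[ownerField];
    if (owner == null || String(owner) !== String(req.user.id)) {
      return res.status(403).json({ error: "forbidden" });
    }
    req.resource = resource; // hand the loaded record to the controller
    return next();
  };
}

const canEditComment = requireOwner((id) => comments.get(String(id)));

// Helper for trying the middleware without Express: runs it against a minimal
// mock of req/res and returns "next" or the HTTP status that was sent.
function simulate(middleware, user, id) {
  let outcome = null;
  const req = { user, params: { id } };
  const res = {
    status(code) { outcome = code; return this; },
    json() { return this; },
  };
  middleware(req, res, () => { outcome = "next"; });
  return outcome;
}

// With Express installed (not run here; readComment and updateComment are
// hypothetical handlers), only the edit route is gated per comment:
//   app.get("/comments/:id", readComment);
//   app.put("/comments/:id", canEditComment, updateComment);
```

A role-based module such as acl can still sit in front of this to decide who may reach the route at all; the middleware only answers the per-comment question.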