Readme.md
Opened this issue · 2 comments
Hi guys.
Setting User Roles
I'm missing in the readme where the user roles are set. I guess that I integrate into my passport strategy after successful authentication.
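```coffeescript
# Note: `req` is only in scope here if the strategy was created with passReqToCallback: true.
UserModel.findOne { 'email': email, 'active': true }, (err, user) ->
  if err
    return done(err)
  if !user
    # message: "e-mail address unknown"
    return done(null, false, {message: 'Emailadresse unbekannt'})
  if !user.validPassword(password)
    # message: "password incorrect"
    return done(null, false, {message: 'Passwort nicht korrekt'})
  # Copy the stored permission level onto the request as the user's role.
  req.appUser = {} if !req.appUser?
  switch user.permissionLevel
    when 'superAmdin'
      req.appUser.role = 'superAmdin'
    ...
  done null, user
  return
```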
I have seen that there is an option to change the user userProperty. I have seen that passport also seems to use a req.user object. If it is necessary to change the userProperty in passport as well, it would be great to mention this.
Difference between roles.is/.can and user.is/can
Is there a difference? Can roles.is('myRole') be used within a route?
PS: At the moment I'm not quite understanding how to use connect-roles. Please give me short feedback on:
http://stackoverflow.com/questions/31519736/connect-roles-define-user-roles-on-login-and-user-is-function
Here's two problems I see in the README.
roles.can and roles.is are not documented
There is a mention in the documentation, but it only says that "You can use these as express route middleware", but the docs don't say what they do. Also, the example shown doesn't even use "roles.can", it uses "user.can".
user.can vs userCan
There is a documentation section on user.can(action) and user.is(action). But the section doesn't mention user.can nor show it in examples. Instead it shows userIs and userCan.
This is a mismatch. Either the section header or the content seems like a typo.
I had the same issue about setting user roles, but I figured it out.
Basically since connect-roles is a middleware, every strategy has access to the req object, which may have a user property set by your authentication library with data from your database (or any other place where you store user data). Now, since this object gets properties and values from the database you can add a role property to your user, and that gets attached to the req. This way, now you have a property req.user.role that you can use on your strategy.
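
The flow described in this thread, as an added example that is not code from connect-roles or from any commenter: the login step attaches a user object carrying a role to the request, and an authorization strategy reads that role and denies by default. `makeRoles`, `roleStrategy`, `runRoute` and the role and action names are hypothetical; only the `userProperty` option name is taken from the thread.

```javascript
// Added illustration: makeRoles and runRoute are hypothetical stand-ins,
// not the connect-roles API. Role names and actions are constructed.

// A Map avoids prototype keys such as "__proto__" matching by accident.
const PERMISSIONS = new Map([
  ['admin', ['view reports', 'edit users']],
  ['member', ['view reports']],
]);

function makeRoles({ userProperty = 'user' } = {}) {
  const strategies = [];
  return {
    // A strategy returns true (allow), false (deny) or undefined (no opinion).
    use(fn) { strategies.push(fn); },
    // Express-style middleware guarding a single action.
    can(action) {
      return (req, res, next) => {
        for (const fn of strategies) {
          const verdict = fn(req[userProperty], action);
          if (verdict === true) return next();
          if (verdict === false) break;
        }
        res.statusCode = 403; // default deny: nothing allowed the action
        res.end('Access denied');
      };
    },
  };
}

// The role comes from the object the login code attached to the request
// (loaded from the database), never from request parameters.
function roleStrategy(user, action) {
  if (!user || typeof user.role !== 'string') return false; // anonymous or malformed
  const allowed = PERMISSIONS.get(user.role);
  return Array.isArray(allowed) && allowed.includes(action);
}

// Drive a middleware with a fake request and report what happened.
function runRoute(middleware, req) {
  const res = { statusCode: 200, end() {} };
  let reached = false;
  middleware(req, res, () => { reached = true; });
  return { reached, status: res.statusCode };
}

const roles = makeRoles();                               // reads req.user
roles.use(roleStrategy);
const appRoles = makeRoles({ userProperty: 'appUser' }); // reads req.appUser
appRoles.use(roleStrategy);
```

If the role is stored under a different request property than the one the authorization layer reads, every check falls through to the 403 branch, which is the failure mode to look for when a correctly logged-in user is always denied.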