ForbesLindesay/connect-roles

Readme.md

Opened this issue · 2 comments

Hi guys.

Setting User Roles

I can't find in the readme where the user roles are set. I guess that I integrate it into my passport strategy after successful authentication:

    # CoffeeScript: passport local-strategy verify callback
    UserModel.findOne { 'email': email, 'active': true }, (err, user) ->
      if err
        return done(err)
      if !user
        return done(null, false, {message: 'Emailadresse unbekannt'})
      if !user.validPassword(password)
        return done(null, false, {message: 'Passwort nicht korrekt'})

      # map the stored permission level onto a role on the request
      req.appUser = {} if !req.appUser?
      switch user.permissionLevel
        when 'superAmdin'
          req.appUser.role = 'superAmdin'
        ...
      done null, user
    return

I have seen that there is an option to change the userProperty. I have also seen that passport seems to use a req.user object; if it is necessary to change the userProperty in passport as well, it would be great to mention this.

Difference between roles.is/.can and user.is/can

Is there a difference? Can roles.is('myRole') be used within a route?

PS: At the moment I don't quite understand how to use connect-roles; please give me some short feedback on:
http://stackoverflow.com/questions/31519736/connect-roles-define-user-roles-on-login-and-user-is-function

Here are two problems I see in the README.

roles.can and roles.is are not documented

There is a mention in the documentation, but it only says that "You can use these as express route middleware"; the docs don't say what they do. Also, the example shown doesn't even use "roles.can", it uses "user.can".

user.can vs userCan

There is a documentation section on user.can(action) and user.is(action)

But the section neither mentions user.can nor shows it in examples. Instead it shows userIs and userCan.

This is a mismatch. Either the section header or the content seems like a typo.

I had the same issue about setting user roles, but I figured it out.

Basically, since connect-roles is a middleware, every strategy has access to the req object, which may have a user property set by your authentication library with data from your database (or any other place where you store user data). Since this object gets its properties and values from the database, you can add a role property to your user, and that gets attached to the req. This way you have a property req.user.role that you can use in your strategy.
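As an added illustration (not code from connect-roles, its README, or either commenter): a stand-alone model of the flow described above, where the role is copied onto req.user at login and a strategy chain in the style of connect-roles' user.use() reads it. The Roles class is an assumption modelled on the documented strategy behaviour rather than the library itself, and the user records are constructed.

```javascript
// Constructed in-memory "database"; in the real app this is UserModel.findOne.
const USERS = [
  { email: 'admin@example.test', active: true, permissionLevel: 'superAdmin' },
  { email: 'editor@example.test', active: true, permissionLevel: 'editor' },
  { email: 'gone@example.test', active: false, permissionLevel: 'editor' },
];

// Step 1: at login, copy the role from the DB record onto the object that
// becomes req.user (passport's userProperty). Returns null when login fails.
function login(email) {
  const record = USERS.find((u) => u.email === email && u.active);
  if (!record) return null;
  return { email: record.email, role: record.permissionLevel };
}

// Step 2: stand-in for connect-roles' strategy chain (assumption: modelled on
// the documented behaviour, not the library). Strategies run in order: the
// first to return true allows, the first to return false denies, undefined
// falls through to the next one, and an exhausted chain denies by default.
class Roles {
  constructor() { this.strategies = []; }
  use(action, fn) {
    if (typeof action === 'function') { fn = action; action = undefined; }
    this.strategies.push({ action, fn });
  }
  can(req, action) {
    for (const s of this.strategies) {
      if (s.action !== undefined && s.action !== action) continue;
      const verdict = s.fn(req, action);
      if (verdict === true || verdict === false) return verdict;
    }
    return false;
  }
}

const roles = new Roles();
// Anonymous requests are denied before any role check runs.
roles.use((req) => (req.user ? undefined : false));
// superAdmin may do everything; other roles get only what is granted below.
roles.use((req) => (req.user.role === 'superAdmin' ? true : undefined));
roles.use('edit post', (req) => (req.user.role === 'editor' ? true : undefined));

// Step 3: simulate a request: login populates req.user, and the strategies
// read req.user.role. A role check is just a can() check with the role name.
function authorize(email, action) {
  const req = { user: login(email) };
  return roles.can(req, action);
}
```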