[Feature request] Give us more control over the deny behaviour

Question

[Feature request] Give us more control over the deny behaviour

TKasperczyk opened this issue 6 years ago · 1 comments

Hello,

Currently, when a user cannot access a certain URI (when your findPermissionForRoute function returns false), the res's status code is set to 401:

express-acl/index.js:

  const permission = findPermissionForRoute(
    req.originalUrl,
    req.method,
    options.baseUrl,
    policy
  );

  if (!permission) {
    return res.status(401).json(deny(options.customMessage, options.response));
  }

It would be cool if we had more control over this behaviour. My proposition: add an additional option which would allow us to pass a callback function. The callback would be executed when the permission constant is undefined or false, as shown below:

  ...
  if (!permission) {
      if (typeof options.denyCallback === 'function'){
          return options.denyCallback(res);
      } else {
          return res.status(401).json(deny(options.customMessage, options.response));
      }
  }

Answer 1 · 2018-07-19T19:31:08.000Z

@Sarithis Would you mind raising PR on this?