[Feature request] Give us more control over the deny behaviour
TKasperczyk opened this issue · 1 comments
TKasperczyk commented
Hello,
Currently, when a user cannot access a certain URI (when your findPermissionForRoute
function returns false), the res's status code is set to 401:
express-acl/index.js:
const permission = findPermissionForRoute(
req.originalUrl,
req.method,
options.baseUrl,
policy
);
if (!permission) {
return res.status(401).json(deny(options.customMessage, options.response));
}
It would be cool if we had more control over this behaviour. My proposition: add an additional option which would allow us to pass a callback function. The callback would be executed when the permission constant is undefined or false, as shown below:
...
if (!permission) {
if (typeof options.denyCallback === 'function'){
return options.denyCallback(res);
} else {
return res.status(401).json(deny(options.customMessage, options.response));
}
}
nyambati commented
@Sarithis Would you mind raising PR on this?