Permissions on routes rather than on resources

Question

Permissions on routes rather than on resources

Closed this issue 7 years ago · 2 comments

Is there a possible way to give permission to an access group on routes. The routes can be dynamic too.

For example:

nacl.json looks like:

[{ "group": "user", "permissions": [{ "resource": "fans/:id/size", "methods": [ "POST", "GET", "PUT" ], "action": "allow" }] }]
This does not work until I change resource to "resource": "fans"

And if this is not possible do we have to extend the package?

Answer 1 · 2017-06-19T14:14:32.000Z

@aitchkhan This functionality has not been considered yet. I am actually impressed with your look of things. The way this module works is it picks the resource from your route, and matches it against your rules. I am positive we can extend this package to cater for this situation.

Would you mind taking a lead on this?

Answer 2 · 2018-03-27T21:24:48.000Z

@aitchkhan this functionality has been fulfilled by PR #91