User defined as non-guest in DB, ACL only sees 'guest' role
Closed this issue · 2 comments
Deleted user commented
Trying to add this to my existing express application. I set up the webapp using this configuration:
webapp.js
// Options handed to acl.config(): the ACL rules file name and the directory it
// sits in (presumably resolved as config/nacl.json; verify against the library).
const configObject = {
  filename: 'nacl.json',
  path: 'config',
};

// Custom denial payload passed as the second argument to acl.config().
// NOTE(review): the denial quoted later in this report has a different
// status/message, so that "role guest" response did not come from this object.
const responseObject = {
  status: 'Access Denied',
  message: 'You are not authorized to access this resource',
};

acl.config(configObject, responseObject);

// App-wide authorization check.
// NOTE(review): acl.authorize is mounted again on the router after the JWT
// middleware. If this app-level mount runs before anything has set
// req.decoded, no role from the token is available to it; confirm the order.
app.use(acl.authorize);
nacl.json
[
{
"group": "user",
"permissions": [
{
"resource": "pages/all",
"methods": ["POST", "GET", "PUT"],
"action": "allow"
}
]
}
]
Inside my controller I am setting up the router as such:
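// Router-level JWT gate: verifies the bearer token and exposes its payload as
// req.decoded before acl.authorize runs.
//
// Changes from the original snippet:
//  - a request without an Authorization header no longer throws on .replace();
//  - a request with an empty token is rejected instead of being left hanging
//    (the original neither responded nor called next() in that case);
//  - verification failures return 401 with a generic body instead of sending
//    the verifier's error object back to the client with a success status.
router.use(function(req, res, next) {
  const header = req.headers['authorization'];
  const token = typeof header === 'string' ? header.replace('Bearer ', '') : '';

  if (!token) {
    return res.status(401).json({
      status: 'Access Denied',
      message: 'Missing or invalid bearer token'
    });
  }

  // NOTE(review): the signing secret is hard-coded and has been published with
  // this report. Load it from configuration kept outside the source tree and
  // rotate it; any token signed with the published value should be considered
  // forgeable.
  // NOTE(review): consider pinning the accepted algorithm(s) via the verify
  // options once the signing algorithm used at login is confirmed.
  jwt.verify(token, '18DXStreet!', function(err, decoded) {
    if (err) {
      // Keep the detail in the server log only.
      console.log(err);
      return res.status(401).json({
        status: 'Access Denied',
        message: 'Missing or invalid bearer token'
      });
    }

    // Only the verified payload is exposed. The "role guest" denial in this
    // report suggests the payload carried no role claim; the reporter's fix was
    // to add the role where the token is issued at login.
    // NOTE(review): confirm which property acl.authorize reads the role from.
    req.decoded = decoded;
    next();
  });
});

// Authorization runs only after the token has been verified above.
router.use(acl.authorize);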
And the endpoint I am trying to access:
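// GET /all — returns every Page document (without __v), sorted by name.
// NOTE(review): passport.authenticate('jwt') authenticates here in addition to
// the router-level jwt.verify middleware; confirm both use the same secret and
// expect the same claims.
router.get('/all', passport.authenticate('jwt', { session: false }), async function(req, res, next) {
  try {
    const pages = await Page.find({}, { __v: false }).sort({ name: 1 });
    res.json({ pages });
  } catch (err) {
    // A rejected query previously left the request without a response;
    // hand the error to the Express error handler instead.
    next(err);
  }
});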
The JWT attached to the user is defined in the database as { role: user }; however, the application returns:
{
"status": "Access denied",
"success": false,
"message": "REQUIRED: Policy for role guest is not defined"
}
Unsure why this is occurring, would love some additional insight as to how to integrate this into my app.
Deleted user commented
Added `role` to the login portion of my auth layer.
C-Spydo commented
Could you please share the portion of code where you added the "role" as stated above? I'm facing exactly the same issue.