nyambati/express-acl

User defined as non-guest in DB, ACL only sees 'guest' role

Closed this issue · 2 comments

Trying to add this to my existing express application. I set up the webapp using this configuration:

webapp.js

// express-acl settings: the policy file name and the directory it lives in.
const configObject = {
  filename: 'nacl.json',
  path: 'config',
};

// Custom denial payload handed to acl.config() alongside the settings.
const responseObject = {
  status: 'Access Denied',
  message: 'You are not authorized to access this resource',
};

acl.config(configObject, responseObject);

// NOTE(review): this registers the ACL check app-wide. The ACL needs the
// caller's role to pick a policy; the response quoted on this page shows it
// falling back to the 'guest' role. If this line runs before the middleware
// that verifies the JWT and sets req.decoded, no role is visible yet, so
// confirm the ACL is mounted after authentication.
app.use(acl.authorize);

nacl.json

[
  {
    "group": "user",
    "permissions": [
      {
        "resource": "pages/all",
        "methods": ["POST", "GET", "PUT"],
        "action": "allow"
      }
    ]
  }
]

Inside my controller I am setting up the router as such:

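// Authenticates every request on this router from its
// "Authorization: Bearer <jwt>" header and stores the verified payload on
// req.decoded for the ACL check registered below.
router.use(function(req, res, next) {
	// The header is client-controlled and may be absent; calling .replace() on
	// undefined used to throw and surface as an unhandled error.
	const header = req.headers['authorization'];
	const token = typeof header === 'string' ? header.replace(/^Bearer /, '').trim() : '';

	if (!token) {
		// Fail closed with a response. Previously an empty token neither called
		// next() nor replied, so the request hung until it timed out.
		return res.status(401).json({
			status: 'Access Denied',
			message: 'Missing or malformed Authorization header'
		});
	}

	// NOTE(review): the signing key is a literal in source (and is now public
	// through this page). Anyone who knows it can mint tokens with any role, so
	// it should be rotated and loaded from configuration or a secret store.
	jwt.verify(token, '18DXStreet!', function(err, decoded) {
		if (err) {
			// Keep the detail in the server log only; the verifier's error object
			// is not sent to the client, and the status is 401 rather than 200.
			console.log(err);
			return res.status(401).json({
				status: 'Access Denied',
				message: 'Invalid or expired token'
			});
		}
		// The ACL selects a policy by role. The "role guest" error quoted on this
		// page is what it reports when no role is found, so the token payload must
		// carry the role (the issue was resolved by adding it at login).
		// presumably express-acl reads it from req.decoded.role; confirm for the
		// version in use.
		req.decoded = decoded;
		next();
	});
});

// Must stay after the JWT middleware above so that req.decoded is populated
// before the ACL runs.
router.use(acl.authorize);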

And the endpoint I am trying to access:

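// GET /all: responds with every Page document sorted by name, with the __v
// field excluded by the projection.
// NOTE(review): the token is checked here by passport's 'jwt' strategy and
// also by the router-level jwt.verify middleware; both must agree on the
// signing key.
router.get('/all', passport.authenticate('jwt', { session: false }), async function(req, res, next) {
	try {
		const pages = await Page.find({}, {'__v': false}).sort({ name: 1 });
		res.json({pages: pages});
	} catch (err) {
		// Express versions before 5 do not forward a rejected promise from an
		// async handler, so a failed query would leave the request hanging.
		// Hand the error to the error-handling middleware instead.
		next(err);
	}
});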

The JWT attached to the user is defined in the database as { role: user }, however the application returns:

{
    "status": "Access denied",
    "success": false,
    "message": "REQUIRED: Policy for role guest is not defined"
}

Unsure why this is occurring, would love some additional insight as to how to integrate this into my app.

Added the role to the login portion of my auth layer.

Please can you share the portion of the code where you added the "role", as stated above? I'm facing exactly the same issue.