node_acl icon indicating copy to clipboard operation
node_acl copied to clipboard
verified publisher icon OptimalBits

Grant Access to Resource Owner Only

Open alaboudi opened this issue 8 years ago • 3 comments

Hi,

Is there another way of only allowing resource owners to access a certain resource? The documentation slightly touches on this by saying

Sometimes it may even be useful to create one role per user, to get the finest granularity possible

but this clutter my database and make a collection for every user? Is there no other way of achieving this?

alaboudi avatar Jul 22 '17 05:07 alaboudi

I'm using something like this:

resources:['someResource'],
permissions:['owner-view','other-view','owner-update','other-update']

and in controllers before checking permissions I'm checking who wants to 'view' or 'update' something by session.userId and then get result from db and check who is owner of the record, if session.userId==dbRecord.userId then I'm checking 'owner-view' permissions for this user or else 'other-view' (if admin want to view record or other user)

neuronetio avatar Jul 25 '17 13:07 neuronetio

app.put('/blogs/:id', acl.middleware(), function(req, res, next){…} Is the app in the express getting the object?

he313572052 avatar Dec 21 '17 10:12 he313572052

Is there any other way to allow access to resource owner ?

sebastien-savalle avatar May 23 '19 09:05 sebastien-savalle