0
我正嘗試使用node_acl來管理我的應用中的授權。 但我有一個疑問,如何實現對每一位用戶定義用戶角色node_acl,mongoose,express
作用app.js
const mongoose = require('mongoose');
const app = express();
const security = require(./security/security_acl);
//----------Database Connection ------------------------------
mongoose.Promise = global.Promise;
mongoose.connect('mongodb://localhost/db_test', { useMongoClient: true })
.then(() => logger.info('Database connected'))
.catch(error => logger.error('Database connection error: $(error.message)'))
const db = mongoose.connection;
// all other middleware functions
security_acl.js
'use strict';
const mongoose = require('mongoose');
const node_acl = require('acl');
var acl;
acl = new node_acl(new node_acl.mongodbBackend(mongoose.connection.db, 'acl_'));
set_roles();
function set_roles() {
acl.allow([{
roles: 'admin',
allows: [{
resources: '/api/config',
permissions: '*'
}
]
}, {
roles: 'user',
allows: [{
resources: 'clients',
permissions: ['view', 'edit', 'delete']
}]
}, {
roles: 'guest',
allows: []
}]);
acl.addUserRoles('5863effc17a181523b12d48e', 'admin').then(function (res){
console.log('Good');
}).catch(function (err){
console.log('Bad');
});
}
module.exports = acl;
用戶模型
const userSchema = Schema({
username: {
type: String,
required: [true, 'Username can't be empty'']
},
email: {
type: String,
required: [true, 'email can't be empty'']
},
encrypted_password: {
type: String,
required: [true, 'Password can't be empty'']
},
role: {
type: Schema.Types.ObjectId,
ref: 'roles',
required: [true, 'Role can't be empty']
}
}, {
timestamps: true
});
在我的用戶模型我有一個參考模型角色。
如何可以通過用戶ID和角色功能的所有用戶acl.addUserRoles(新和先前已註冊)提前
感謝