From 0a6a72721a5be7741cbf4f0bb41865bef4ffa189 Mon Sep 17 00:00:00 2001 From: Nicolas Iglesias Date: Wed, 16 Mar 2016 12:20:52 -0300 Subject: [PATCH 1/4] Allow removing prefix from URL by using negative number (middleware) --- lib/acl.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/acl.js b/lib/acl.js index 9a062a9..c3b4a70 100644 --- a/lib/acl.js +++ b/lib/acl.js @@ -629,7 +629,11 @@ Acl.prototype.middleware = function(numPathComponents, userId, actions){ if(!numPathComponents){ resource = url; }else{ - resource = url.split('/').slice(0,numPathComponents+1).join('/'); + if(numPathComponents < 0){ + resource = url.split('/').splice(numPathComponents).join('/'); + }else{ + resource = url.split('/').slice(0,numPathComponents+1).join('/'); + } } if(!_actions){ From 2f82f7ba46cf77a66dae1eb2a91f23276a369e25 Mon Sep 17 00:00:00 2001 From: Nicolas Iglesias Date: Wed, 16 Mar 2016 12:45:40 -0300 Subject: [PATCH 2/4] Fix splice functionality --- lib/acl.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/acl.js b/lib/acl.js index c3b4a70..b1484ea 100644 --- a/lib/acl.js +++ b/lib/acl.js @@ -630,7 +630,8 @@ Acl.prototype.middleware = function(numPathComponents, userId, actions){ resource = url; }else{ if(numPathComponents < 0){ - resource = url.split('/').splice(numPathComponents).join('/'); + resource = url.split('/').splice(Math.abs(numPathComponents) + 1).join('/'); + console.log(resource) }else{ resource = url.split('/').slice(0,numPathComponents+1).join('/'); } From b63b23327de6a87772a782c6286b6f5b4e29e166 Mon Sep 17 00:00:00 2001 From: Nicolas Iglesias Date: Wed, 16 Mar 2016 12:46:35 -0300 Subject: [PATCH 3/4] remove debub --- lib/acl.js | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/acl.js b/lib/acl.js index b1484ea..3a5686b 100644 --- a/lib/acl.js +++ b/lib/acl.js @@ -631,7 +631,6 @@ Acl.prototype.middleware = function(numPathComponents, userId, actions){ }else{ if(numPathComponents < 0){ resource = url.split('/').splice(Math.abs(numPathComponents) + 1).join('/'); - console.log(resource) }else{ resource = url.split('/').slice(0,numPathComponents+1).join('/'); } From 72d7ac6a0b3f65de58af66378d05f1e691a9a256 Mon Sep 17 00:00:00 2001 From: Nicolas Iglesias Date: Wed, 16 Mar 2016 17:31:30 -0300 Subject: [PATCH 4/4] Add "dynamicParams" parameter to middleware --- lib/acl.js | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/lib/acl.js b/lib/acl.js index 3a5686b..b4ee151 100644 --- a/lib/acl.js +++ b/lib/acl.js @@ -579,12 +579,13 @@ Acl.prototype.clean = function(callback){ Express Middleware */ -Acl.prototype.middleware = function(numPathComponents, userId, actions){ +Acl.prototype.middleware = function(numPathComponents, userId, actions, dynamicParams){ contract(arguments) .params() .params('number') .params('number','string|number|function') .params('number','string|number|function', 'string|array') + .params('number','string|number|function', 'string|array', 'array') .end(); var acl = this; @@ -642,6 +643,18 @@ Acl.prototype.middleware = function(numPathComponents, userId, actions){ acl.logger?acl.logger.debug('Requesting '+_actions+' on '+resource+' by user '+_userId):null; + // map params + if(req.params && req.route && req.route.path && dynamicParams instanceof Array){ + var path = req.route.path; + var params = path.split(':').join('').split('/').filter(Boolean); + + dynamicParams.forEach(function(dp){ + if(params.indexOf(dp) !== -1){ + resource = resource.replace(req.params[dp], '').split('/').filter(Boolean).join('/'); + } + }); + } + acl.isAllowed(_userId, resource, _actions, function(err, allowed){ if (err){ next(new Error('Error checking permissions to access resource'));