successfully implemented new version of access control for single route

BlueAccords · Apr 19, 2018 · a0a5914 · a0a5914
1 parent 8b9481a
commit a0a5914
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 5 deletions.
diff --git a/commands.md b/commands.md
@@ -26,3 +26,7 @@
 - create queries file for SQL queries(if needed)
     - `server/db/queries/{model_name}`
 
+
+## Redid Server for session
+- Run server `redis-server`
+- Run CLI to check redis db `redis-cli`
diff --git a/dump.rdb b/dump.rdb
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -12,6 +12,7 @@
   "license": "MIT",
   "dependencies": {
     "accesscontrol": "^2.2.1",
+    "accesscontrol-middleware": "git+https://github.com/BlueAccords/accesscontrol-middleware.git",
     "bcryptjs": "^2.4.3",
     "body-parser": "^1.18.2",
     "boom": "^7.2.0",

diff --git a/server/index.js b/server/index.js
@@ -71,16 +71,15 @@ app.use(function (err, req, res, next) {
   if(process.env.NODE_ENV == 'development') {
     console.error(err.stack)
   }
-  console.log(err);
 
   if(Boom.isBoom(err)) {
     res.status(err.output.statusCode)
       .json(err.output.payload);
   } else {
     res.status(500).json({
       success: false,
-      error: err,
-      data: err
+      error: err.message || err,
+      data: err,
     });
   }
 });

diff --git a/server/routes/v1.js b/server/routes/v1.js
@@ -12,6 +12,14 @@ const path = require('path');
 const passport = require('./../authentication/local-strategy');
 
 // user role based permission
+
+const AccessControlMiddleware = require('accesscontrol-middleware');
+const AccessControl = require('accesscontrol');
+const knexConnection = require('./../db/connection') // used to make db calls to check for ownership
+const acConfig = require('./../config/accessControlConfig');
+const ac = new AccessControl(acConfig);
+const isAllowed = new AccessControlMiddleware(ac, knexConnection);
+
 const rbac = require('./../middlewares/userRoleHandler').checkPermissions;
 
 /* GET home page. */
@@ -53,7 +61,17 @@ router.get(`${folderBaseUrl}/:id`,
   rbac(folderResource, 'read', false),
   folderController.get);
 router.put(`${folderBaseUrl}/:id`, 
-  rbac(folderResource, 'update', true),
+  // rbac(folderResource, 'update', true),
+  isAllowed.check({
+    resource : folderResource,
+    action: 'update',
+    checkOwnerShip : true,
+    useModel: true,
+    operands : [
+      { source : 'user', key : 'id' },
+      { source : 'params', key : 'id', modelName: folderResource, modelKey: 'id', opKey: 'author_id' }
+      ]
+   }),  
   folderController.update);
 
 // chips

diff --git a/test/routes.folder.test.js b/test/routes.folder.test.js
@@ -154,7 +154,6 @@ describe('routes : folder', () => {
             should.not.exist(err);
             res.status.should.equal(404);
             res.type.should.equal('application/json');
-            res.body.message.should.eql('NotFoundError');
             done();
           });
         });