
fnakstad commented on July 30, 2024

Hi prashid!
If you want to eliminate access levels you could do a bitwise OR to combine all the user roles you want to allow to calculate the access level on the fly. So your routes which have access level user (= 110) could be declared as userRoles.user | userRoles.admin (010 | 100 = 110) instead. It's really a matter of taste, but I prefer declaring access levels up front.

PS! I just pushed a commit 41037bf wherein I make the declaration of access levels much more readable. So now I declare my access levels like so:

exports.accessLevels = {
    public: userRoles.public | userRoles.user | userRoles.admin,
    anon:   userRoles.public,
    user:   userRoles.user | userRoles.admin,
    admin:  userRoles.admin
};

Hopefully that makes it easier to work with?

from angular-client-side-auth.
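
The bit-mask scheme from the comment above, as an added example that is not code from the angular-client-side-auth project. It assumes public = 001 next to the quoted user = 010 and admin = 100, and the helper names naiveAuthorize, isValidRole and isAuthorized are hypothetical. It compares a bare mask test with a server-side check that fails closed when the role value is not exactly one declared bit.

```javascript
// Role bits as quoted in the comment above (user = 010, admin = 100);
// public = 001 is an assumption of this example.
const userRoles = Object.freeze({ public: 0b001, user: 0b010, admin: 0b100 });

// Access levels are the OR of every role allowed in.
const accessLevels = Object.freeze({
  public: userRoles.public | userRoles.user | userRoles.admin, // 111
  anon:   userRoles.public,                                    // 001
  user:   userRoles.user | userRoles.admin,                    // 110
  admin:  userRoles.admin                                      // 100
});

// Union of every declared role bit (0b111 here).
const KNOWN_BITS = Object.values(userRoles).reduce((mask, bit) => mask | bit, 0);

// Bare mask test: any overlapping bit grants access, so a role value of 7,
// or the string "4" (coerced by &), satisfies the admin level.
function naiveAuthorize(accessLevel, role) {
  return (accessLevel & role) !== 0;
}

// A role is valid only if it is an integer with exactly one bit set,
// and that bit is one of the declared roles.
function isValidRole(role) {
  return Number.isInteger(role) &&
    role > 0 &&
    (role & (role - 1)) === 0 &&
    (role & KNOWN_BITS) === role;
}

// Server-side check: reject malformed roles before testing the mask.
function isAuthorized(accessLevel, role) {
  if (!isValidRole(role)) return false;
  return (accessLevel & role) !== 0;
}
```

The role passed to isAuthorized should come from server-side session state, not from a value the client can edit.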

prashid commented on July 30, 2024

Thanks a lot for your help. I will look into it and get back to you if there is anything related to it. Thanks again.


fnakstad commented on July 30, 2024

Alright, I'll go ahead and close this issue, but feel free to reopen it if you encounter any related problems.


prashid commented on July 30, 2024

Hi, I have 2 questions.

What does this code do?
public: userRoles.public | userRoles.user | userRoles.admin,

Is | the OR sign?

When is this path triggered?

// User resource
{
    path: '/users',
    httpMethod: 'GET',
    middleware: [ensureAuthenticated, ensureAuthorized, UserCtrl.index],
    accessLevel: accessLevels.admin
},

Thanks


prashid commented on July 30, 2024

One more question along with the above questions.

If I want to use CSRF in your app, then do I need to create another cookie for that, like below, to make it work?

res.cookie('XSRF-TOKEN', req.session._csrf);


fnakstad commented on July 30, 2024

| in JavaScript does a Binary OR of the specified operands, so public: userRoles.public | userRoles.user | userRoles.admin computes an access level based on the user roles I've specified earlier. Basically, I'm just listing up all the user roles I want to be authorized for the given access level.

As for your second question, yes, you will have to set the CSRF cookie separately. If you're using Node.js/express, you can do this using the express.csrf() middleware.

from angular-client-side-auth.
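
The server side of the XSRF-TOKEN cookie exchange discussed above, as an added framework-free example that is neither the project's code nor the express.csrf() middleware. AngularJS's $http copies the XSRF-TOKEN cookie into an X-XSRF-TOKEN request header; the function names and the plain-object request shape below are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Methods that must not change state and therefore skip the token check.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Create one random token per session. The caller sends the returned value
// as the XSRF-TOKEN cookie, as in the res.cookie() line quoted above; the
// cookie must stay readable by script, so it cannot be HttpOnly.
function issueCsrfToken(session) {
  if (!session._csrf) {
    session._csrf = crypto.randomBytes(32).toString('hex');
  }
  return session._csrf;
}

// Constant-time comparison that fails closed on missing or non-string input.
function tokensMatch(presented, expected) {
  if (typeof presented !== 'string' || typeof expected !== 'string') return false;
  const a = Buffer.from(presented);
  const b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// req is a constructed plain object: { method, headers, session }.
// Header names are lower-cased, as Node's HTTP parser delivers them.
function verifyCsrf(req) {
  if (SAFE_METHODS.has(req.method)) return true;
  const expected = req.session && req.session._csrf;
  const presented = req.headers['x-xsrf-token'];
  return tokensMatch(presented, expected);
}
```

The check works because a page on another origin can trigger a request that carries the session cookie but cannot read the XSRF-TOKEN cookie to fill in the matching header.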

prashid commented on July 30, 2024

Thanks for the reply.

And when is this path triggered? I don't see anything related to /users. Is it specific to passport?

// User resource
{
    path: '/users',
    httpMethod: 'GET',
    middleware: [ensureAuthenticated, ensureAuthorized, UserCtrl.index],
    accessLevel: accessLevels.admin
},


fnakstad commented on July 30, 2024

Ah, I forgot to respond to that. That route is just to serve up a JSON feed listing the registered users. In the example app it's called via an AJAX request on the "admin" page. You can access this route directly in your browser by visiting http://your-url-here/users.

By the way, I just merged a pull request from @derekbarnhart, in which he makes it a lot easier to work with user roles and access levels. So if you check out routingConfig.js you will see that you don't have to bother with bit masks anymore, but can just declare your roles and access levels using strings instead. Hopefully that will make it a little easier to work with :)


prashid commented on July 30, 2024

Thanks. Got the new changes. Will be in touch.
