Public Role Usage about sails-permissions HOT 4 OPEN

Are you able to provide any information on this. At present it's unusable if it's not possible to grant public/anonymous users access to certain things.

from sails-permissions.

OK I've realised what's happening now. The sessionAuth policy is requiring the user to be logged in so no matter what permissions are set up they must be logged in first. This can be fixed by allowing access to actions through policies.js but this seems to defeat some of the purpose of this system.

Not sure if this would work, but I've seen this method used elsewhere, is users that are not logged would be assigned to a default anonymous user account, which would have a role of public only. I believe this would then make it possible to use the public role to grant access for anon users.

I think all that would be required is to include a default anon user account along with the default admin one and then changing the sessionAuth policy so that rather returning a 403 it assigns them as the anon user.

// api/policies/sessionAuth.js
module.exports = function(req, res, next) {
  if (req.session.authenticated) {
    return next();
  } else {
    User.findOne({username: 'anon'}).then(function(user){
      req.user = user;
      return next();
    });
  }
};

Obviously I can implement this myself but as there is a default public role it probably should be included. Also I'm not 100% sure if this method will cause any undesirable issues.

from sails-permissions.

👍

from sails-permissions.

Ran into the same problem. I thought all visitors will be treated as public user. Also your workaround looks ok but it wont help in debug. As the requestlog will show all the public users as anon and it will be impossible to track down a particular request. There should be a method of creating a separate request id for each request and assign that as username with public role.

Any input from developers!

from sails-permissions.