Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


experiencing same problem as issue #11 #40

josh-- opened this Issue · 10 comments

5 participants


Im having what appears to be the same problem described in issue #11.

I have the following role defined

acl.allow('client', ['/user'], ['get', 'put', 'post'], function(err){
if(err){console.log('error adding permissions');}

when attempting to delete a user i get this error

object Object]
at new HttpError (/vagrant/www/project/node_modules/acl/lib/acl.js:489:11)
at /vagrant/www/project/node_modules/acl/lib/acl.js:532:14
at /vagrant/www/project/node_modules/acl/lib/acl.js:685:13
at Object.MemoryBackend.union (/vagrant/www/project/node_modules/acl/lib/memory-backend.js:78:7)
at /vagrant/www/project/node_modules/acl/lib/acl.js:679:22
at Object.MemoryBackend.union (/vagrant/www/project/node_modules/acl/lib/memory-backend.js:76:7)
at Acl._checkPermissions (/vagrant/www/project/node_modules/acl/lib/acl.js:666:16)
at Acl.areAnyRolesAllowed (/vagrant/www/project/node_modules/acl/lib/acl.js:387:10)
at /vagrant/www/project/node_modules/acl/lib/acl.js:359:12
at Object.MemoryBackend.get (/vagrant/www/project/node_modules/acl/lib/memory-backend.js:55:7)
DELETE /user/5262979da409582466000003 500 16ms

however when the role is configured with the requested resource (delete in this case) it works fine
acl.allow('client', ['/user'], ['get', 'put', 'post', 'delete'], function(err){
if(err){console.log('error adding permissions');}
Also everything appears to work correctly when using the isAllowed method

I run into the same error when using both redis and memory backends.



could you please write a piece of node acl code that reproduces the bug?, that would be very helpful.



I just added you to a repo where i have setup with a minimal application which explains the problem im running into. The readme describes how it can be reproduced. If you need anything else let me know.



I tried the repo that you created but it does not seems to work.
If you could just write a clean acl example that reproduces the bug I could fix it quite fast...


@josh-- If this is still happening, please try the code in my comment @ #45
If not, i'd suggest to mark this as closed, to not bloat the issue list.

@josh-- josh-- closed this

I'm also having this problem when I migrated to Express 4.X


Just I'm trying to configure with express 4.x and the error also appear when the user dont have any role, the response will be a 401 instead showme this:

[object Object]
at new HttpError (/home/rikhart/Desktop/app4/node_modules/acl/lib/acl.js:493:11)
at Object.handle (/home/rikhart/Desktop/app4/node_modules/acl/lib/acl.js:510:14)
at next_layer (/home/rikhart/Desktop/app4/node_modules/express/lib/router/route.js:103:13)
at Route.dispatch (/home/rikhart/Desktop/app4/node_modules/express/lib/router/route.js:107:5)
at /home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:205:24
at Function.proto.process_params (/home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:269:12)
at next (/home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:199:19)
at Function.proto.handle (/home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:151:3)
at Layer.router (/home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:24:12)
at trim_prefix (/home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:240:15)
GET / 500 12.041 ms - 960


It would be great if somebody could provide a patch for express 4 support...


I found where the problem is. There is NO issue with ACL module.

You have to make sure your error handling method to catch errors is running AFTER you setup your routes. Mine was created before my routes were assigned. Once I moved my code to handle capturing the errors, it worked like a charm.


Its true only I added this block now I can control the 401:

app.use(function (err, req, res,next) {
      res.status(err.status || 500);
        message: err.message,
        error: err,
        title: 'error'

By other hand now I am trying this piece of code and seem not work please any suggestion:

var mongoose = require('mongoose');
var db = mongoose.connection;
acl = new acl(new acl.mongodbBackend(mongoose.connection.db, 'acl_'));

            {resources:['forums','news'], permissions:['get','put','delete']}


And always return {} empty.
I am using mongoose.


@Rikhart acl methods are asynchronous, so you have to wait for acl.allow to finalize, either by providing a callback or by waiting the returned promise to be resolved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.