Skip to content

experiencing same problem as issue #11 #40

josh-- opened this Issue Oct 19, 2013 · 10 comments

5 participants

josh-- commented Oct 19, 2013

Im having what appears to be the same problem described in issue #11.

I have the following role defined

acl.allow('client', ['/user'], ['get', 'put', 'post'], function(err){
if(err){console.log('error adding permissions');}

when attempting to delete a user i get this error

object Object]
at new HttpError (/vagrant/www/project/node_modules/acl/lib/acl.js:489:11)
at /vagrant/www/project/node_modules/acl/lib/acl.js:532:14
at /vagrant/www/project/node_modules/acl/lib/acl.js:685:13
at Object.MemoryBackend.union (/vagrant/www/project/node_modules/acl/lib/memory-backend.js:78:7)
at /vagrant/www/project/node_modules/acl/lib/acl.js:679:22
at Object.MemoryBackend.union (/vagrant/www/project/node_modules/acl/lib/memory-backend.js:76:7)
at Acl._checkPermissions (/vagrant/www/project/node_modules/acl/lib/acl.js:666:16)
at Acl.areAnyRolesAllowed (/vagrant/www/project/node_modules/acl/lib/acl.js:387:10)
at /vagrant/www/project/node_modules/acl/lib/acl.js:359:12
at Object.MemoryBackend.get (/vagrant/www/project/node_modules/acl/lib/memory-backend.js:55:7)
DELETE /user/5262979da409582466000003 500 16ms

however when the role is configured with the requested resource (delete in this case) it works fine
acl.allow('client', ['/user'], ['get', 'put', 'post', 'delete'], function(err){
if(err){console.log('error adding permissions');}
Also everything appears to work correctly when using the isAllowed method

I run into the same error when using both redis and memory backends.

OptimalBits member
manast commented Oct 20, 2013


could you please write a piece of node acl code that reproduces the bug?, that would be very helpful.


josh-- commented Oct 20, 2013

I just added you to a repo where i have setup with a minimal application which explains the problem im running into. The readme describes how it can be reproduced. If you need anything else let me know.


OptimalBits member
manast commented Oct 21, 2013

I tried the repo that you created but it does not seems to work.
If you could just write a clean acl example that reproduces the bug I could fix it quite fast...

danwit commented Apr 25, 2014

@josh-- If this is still happening, please try the code in my comment @ #45
If not, i'd suggest to mark this as closed, to not bloat the issue list.

@josh-- josh-- closed this Jul 29, 2014
nielswh commented Aug 23, 2014

I'm also having this problem when I migrated to Express 4.X

Rikhart commented Aug 24, 2014

Just I'm trying to configure with express 4.x and the error also appear when the user dont have any role, the response will be a 401 instead showme this:

[object Object]
at new HttpError (/home/rikhart/Desktop/app4/node_modules/acl/lib/acl.js:493:11)
at Object.handle (/home/rikhart/Desktop/app4/node_modules/acl/lib/acl.js:510:14)
at next_layer (/home/rikhart/Desktop/app4/node_modules/express/lib/router/route.js:103:13)
at Route.dispatch (/home/rikhart/Desktop/app4/node_modules/express/lib/router/route.js:107:5)
at /home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:205:24
at Function.proto.process_params (/home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:269:12)
at next (/home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:199:19)
at Function.proto.handle (/home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:151:3)
at Layer.router (/home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:24:12)
at trim_prefix (/home/rikhart/Desktop/app4/node_modules/express/lib/router/index.js:240:15)
GET / 500 12.041 ms - 960

OptimalBits member
manast commented Aug 24, 2014

It would be great if somebody could provide a patch for express 4 support...

nielswh commented Aug 24, 2014

I found where the problem is. There is NO issue with ACL module.

You have to make sure your error handling method to catch errors is running AFTER you setup your routes. Mine was created before my routes were assigned. Once I moved my code to handle capturing the errors, it worked like a charm.

Rikhart commented Aug 24, 2014

Its true only I added this block now I can control the 401:

app.use(function (err, req, res,next) {
      res.status(err.status || 500);
        message: err.message,
        error: err,
        title: 'error'

By other hand now I am trying this piece of code and seem not work please any suggestion:

var mongoose = require('mongoose');
var db = mongoose.connection;
acl = new acl(new acl.mongodbBackend(mongoose.connection.db, 'acl_'));

            {resources:['forums','news'], permissions:['get','put','delete']}


And always return {} empty.
I am using mongoose.

OptimalBits member
manast commented Aug 25, 2014

@Rikhart acl methods are asynchronous, so you have to wait for acl.allow to finalize, either by providing a callback or by waiting the returned promise to be resolved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.