This repository has been archived by the owner on Aug 30, 2021. It is now read-only.

using mongodb for the acl policy #1653

Open
helxsz opened this issue Nov 24, 2016 · 3 comments

helxsz commented Nov 24, 2016

In every module, there is a policy file to be called:

```js
var acl = require('acl');
acl = new acl(new acl.memoryBackend());
```

I wonder, if there are many modules, would it generate more than one instance? Currently I am working on the mongodb for the acl, which needs the mongodb database object directly.

So I am thinking there is a better way to do it:

https://github.com/meanjs/mean/blob/master/config/lib/express.js

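```js
var path = require('path'),
  express = require('express'),
  Acl = require('acl'),
  config = require('../config');

/**
 * Initialize the Express application
 */
module.exports.init = function (db) {
  var app = express();
  // Hand the db connection to the policy setup so the ACL can use MongoDB
  this.initModulesServerPolicies(app, db);
  return app;
};

/**
 * Configure the modules ACL policies
 */
module.exports.initModulesServerPolicies = function (app, db) {
  // The library is required as `Acl` so the local `acl` instance does not shadow it
  var mongoBackend = new Acl.mongodbBackend(db, 'acl_');
  var acl = new Acl(mongoBackend);

  // Globbing policy files
  config.files.server.policies.forEach(function (policyPath) {
    require(path.resolve(policyPath)).invokeRolesPolicies(acl);
  });
};
```
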
https://github.com/meanjs/mean/blob/master/modules/users/server/policies/admin.server.policy.js

module policy file

```js
exports.invokeRolesPolicies = function (acl) {
  acl.allow([{
    roles: ['admin'],
    allows: [{
      resources: '/api/users',
      permissions: '*'
    }, {
      resources: '/api/users/:userId',
      permissions: '*'
    }]
  }]);
};
```

simison commented Nov 24, 2016

> I wonder, if there are many modules, would it generate more than one instance? Currently I am working on the mongodb for the acl, which needs the mongodb database object directly.

It sounds like you should do some tests first to see if this really helps performance before spending too much time on this. WDYT?


mleanos commented Nov 26, 2016

@helxsz Remember you will need the ACL for the isAllowed method. With this approach that could be tricky. I haven't looked at the MongoDB back-end option for the ACL library in detail.

For this configuration approach to work, you'd probably be better off refactoring the ACL policies to export a class-like object that retrieves the MongoDB backend ACL object in its constructor.

IMO, it would be better to not have this ACL logic inside the configuration. You could pass the db to the require statement instead. I'm not sure of the changes that would have to be made to the Policy files for this to work though.

mleanos self-assigned this Nov 26, 2016
mleanos added this to the q milestone Nov 26, 2016

helxsz commented Nov 27, 2016

@mleanos of course, ACL logic should be in the configuration but inside each module. However, initializing the ACL middleware should be done in the server configuration, since the db object is easily found in the configuration. Otherwise, as you said, passing the 'db' object to the module
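
An added sketch (not code from MEAN.JS or from any commenter) of the factory shape discussed in this thread: the policy receives one shared ACL instance, and both `invokeRolesPolicies` and `isAllowed` use it, denying anything not explicitly granted. `FakeAcl`, `createAdminPolicy` and `check` are hypothetical names; `FakeAcl` is a constructed in-memory stand-in for the `acl` library's `allow` and `areAnyRolesAllowed` so the example runs offline.

```javascript
// Constructed stand-in: mimics only acl.allow() and acl.areAnyRolesAllowed().
function FakeAcl() { this.rules = []; }
FakeAcl.prototype.allow = function (grants) {
  var rules = this.rules;
  grants.forEach(function (g) {
    g.allows.forEach(function (a) {
      g.roles.forEach(function (role) {
        rules.push({ role: role, resource: a.resources, permissions: [].concat(a.permissions) });
      });
    });
  });
};
FakeAcl.prototype.areAnyRolesAllowed = function (roles, resource, permission, cb) {
  var ok = this.rules.some(function (r) {
    return roles.indexOf(r.role) !== -1 && r.resource === resource &&
      (r.permissions.indexOf('*') !== -1 || r.permissions.indexOf(permission) !== -1);
  });
  cb(null, ok);
};

// Hypothetical policy factory: the shared ACL is injected once, and the
// grants and the isAllowed middleware both close over that same instance.
function createAdminPolicy(acl) {
  return {
    invokeRolesPolicies: function () {
      acl.allow([{
        roles: ['admin'],
        allows: [{ resources: '/api/users', permissions: '*' },
                 { resources: '/api/users/:userId', permissions: '*' }]
      }]);
    },
    isAllowed: function (req, res, next) {
      // Unauthenticated requests are evaluated as 'guest', never skipped
      var roles = (req.user && req.user.roles) || ['guest'];
      acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, allowed) {
        if (err) return res.status(500).send('Unexpected authorization error');
        if (allowed) return next();
        return res.status(403).json({ message: 'User is not authorized' });
      });
    }
  };
}

// Constructed helper: run the middleware on a fake request, return 'next' or the status code.
function check(policy, user, method, routePath) {
  var outcome = null;
  var res = { status: function (code) { outcome = code; return { send: function () {}, json: function () {} }; } };
  policy.isAllowed({ user: user, method: method, route: { path: routePath } }, res, function () { outcome = 'next'; });
  return outcome;
}
```

In the server configuration, the same factory would be called once per policy file with the single MongoDB-backed instance, so route checks and grants always consult the same store.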
