docs(readme): correct docs about hasPermissionForUser (#165)

node-casbin · Mar 24, 2024 · 7034ff1 · 7034ff1
1 parent ec3da2f
commit 7034ff1
Showing 1 changed file with 9 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -155,7 +155,7 @@ Only when the user is granted both permissions of reading any user address and r
 While the `@UsePermissions` decorator is good enough for most cases, there are situations where we may want to check for a permission in a method's body. We can inject and use `AuthzRBACService` or `AuthzManagementService` which are wrappers of casbin api for that as shown in the example below:
 
 ```typescript
-import { Controller, Get, UnauthorizedException } from '@nestjs/common';
+import { Controller, Get, UnauthorizedException, Req } from '@nestjs/common';
 import {
   AuthZGuard,
   AuthZRBACService,
@@ -169,14 +169,20 @@ export class AppController {
   constructor(private readonly rbacSrv: AuthZRBACService) {}
 
   @Get('users')
-  async findAllUsers() {
-    const isPermitted = await this.rbacSrv.hasPermissionForUser();
+  async findAllUsers(@Req() request: Request) {
+    let username = request.user['username'];
+    // If there is a policy  `p, root, user, read:any` in policy.csv
+    // then user `root` can do this operation
+
+    // Using string literals for simplicity.
+    const isPermitted = await this.rbacSrv.hasPermissionForUser(username, "user", "read:any");
     if (!isPermitted) {
       throw new UnauthorizedException(
         'You are not authorized to read users list'
       );
     }
     // A user can not reach this point if he/she is not granted for permission read users
+    // ...
   }
 }
 ```
@@ -189,9 +195,3 @@ For more detailed information, checkout the working example in
 ## License
 
 This project is licensed under the MIT license.
-
-## Contact
-
-If you have any issues or feature requests, contact me. PR is welcomed.
-
-- dreamdeviloo@163.com