Comments (4)
manast
commented on June 9, 2024
You will need to write a complete use case that reproduces this error, otherwise it is very difficult to help you...
from node_acl.
ericdolson
commented on June 9, 2024
I granted 2 permissions with:
acl.allow('usrgrp_230', 'aco_9990', ['view', 'update']);
Currently in my local MongoDB in the acl_allows_aco_9990 collection:
/* ... */
/* 9 */
{
"_id" : ObjectId("537fc18e0699b9d2c8fe0132"),
"key" : "usrgrp_230",
"view" : true,
"update" : true
}
Both permissions are there exactly as expected. Now I want to remove the 'update' permission so I run:
acl.removeAllow('usrgrp_230', 'aco_9990', 'update');
I would expect to get
/* ... */
/* 9 */
{
"_id" : ObjectId("537fc18e0699b9d2c8fe0132"),
"key" : "usrgrp_230",
"view" : true
}
in my DB, but instead I get:
/* 8 */
{
...
}
/* no 9th item here now! */
I even confirmed I wasn't overlooking something by querying for 'view' permissions still with the isAllowed() function and getting a false result. All permissions are missing too happens if I were to remove just the 'view' permission.
Thank you :)
from node_acl.
christophertrudel
commented on June 9, 2024
I can confirm that this is an issue. I have narrowed it down to line 259 of acl.js in the removeAllow function.
if(cb){
permissions = makeArray(permissions);
}else{
cb = permissions;
permissions = null;
}
I am not sure why there is a check on cb, I can not see the logic here. I have commented it out and the unit test pass for the memory backend. The reason why this is happening is because instead of passing the cb param to removeAllow we are using .then(), this then nulls out the permissions variable before it is passed on to removePermissions().
If there is no particular reason for this if statement I suggest it be removed.
Like mentioned above I have only tested against the memoryBackend but while doing so and having the if statement commented out both
acl.removeAllow('fumanchu', 'news', 'delete').then(function(){
done()
});
acl.removeAllow('fumanchu', 'news', 'delete', function (err) {
assert(!err)
done()
});
work but when not commented out the first .then() fails.
On another note the it statement claims to 'Remove delete and put permissions from resource news from role fumanchu' when in reality it is trying to only remove the 'delete'. 😉
from node_acl.
manast
commented on June 9, 2024
@christophertrudel yeah that piece of code seems to be totally wrong. This are remains from when the code was not promise based. Im going to fix it right away.
from node_acl.
Related Issues (20)
- redisBackend do not suport redis cluster instance.
- RBAC or ACL? HOT 3
- Can not work with redisBackend HOT 1
- Max mongo document size HOT 2
- since table for allows? HOT 3
- Deprecation warnings given for mongodb-backend.js HOT 1
- remove user HOT 3
- Checking Access Based Upon Role Instead of User
- Question: bulk userRoles
- I need superadmin, what can i do with node_acl? HOT 5
- potential memory leak when using memory backend?
- updating to mongo 4.0 causes issue with select {_bucketname: 0}, not working HOT 1
- self.db.collection is not a function HOT 2
- Alternative for microservices architecture
- NPM found 1 high severity vulnerability (mongodb must be >=3.1.13) HOT 4
- Is this project dead? HOT 4
- [email protected] vulnerability issue with [email protected] HOT 3
- DeprecationWarning: collection.update is deprecated. Use updateOne, updateMany, or bulkWrite instead.
- has removeResource been abandoned ? HOT 2
- Missing index on `key` property on Mongodb
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node_acl.