Wednesday 29 January 2020

How should we determine the resource requested in a REST API?

The same question was asked here 4 years ago w/ no answer, so I thought I'd bring it up as I'm running into this issue myself: https://stackoverflow.com/questions/30999003/how-should-acl-work-in-a-rest-api

I want to add an ACL to my middleware. My express logic is as follows:

    app.use(`/api/v1/location/${locationIdRegex}`, passportAuth, locationRouter);

My passport middleware authenticates the user by making sure their access token is correct. The next step is that I need to make sure that this user has access to the resource they are trying to modify.

The issue is that with REST, we put the resource in the path: "/location/${regex}". In another middleware function, we could look for the "location" string and then base our decision off of that. If we have another resource in the path, "/organization/${regex}/location/${regex2}", it gets much more complex. We can't just look in position 2 for "location" or "organization", because we have many resources.

What's the best way to determine which resource is being accessed?

Submitted January 29, 2020 at 06:39PM by fenwalt
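
One way to approach the question above, as an added example that is not part of the original post: declare which resource type each route parameter identifies, resolve the full resource chain from the matched route template instead of from a path position, and deny by default. The route table, the ACL contents and every function name here are hypothetical.

```javascript
// Added example; ROUTES, ACL and all function names are hypothetical.
// Each route template declares the resource type its parameters identify.
const ROUTES = [
  { template: '/api/v1/location/:locationId',
    resources: { locationId: 'location' } },
  { template: '/api/v1/organization/:orgId/location/:locationId',
    resources: { orgId: 'organization', locationId: 'location' } },
];

// Match a path against one template; return { param: value } or null.
function matchTemplate(template, path) {
  const t = template.split('/').filter(Boolean);
  const p = path.split('?')[0].split('/').filter(Boolean);
  if (t.length !== p.length) return null;
  const params = {};
  for (let i = 0; i < t.length; i++) {
    if (t[i].startsWith(':')) params[t[i].slice(1)] = p[i];
    else if (t[i] !== p[i]) return null;
  }
  return params;
}

// Resolve the ordered chain of resources a path addresses (outermost first).
function resolveResources(path) {
  for (const route of ROUTES) {
    const params = matchTemplate(route.template, path);
    if (params) {
      return Object.entries(route.resources)
        .map(([param, type]) => ({ type, id: params[param] }));
    }
  }
  return null; // unknown route: the caller must deny
}

// Constructed ACL: user -> set of "type:id" grants.
const ACL = new Map([
  ['alice', new Set(['organization:7', 'location:42'])],
  ['bob', new Set(['location:42'])],
]);

// Deny by default; require a grant on every resource in the chain.
function isAllowed(user, path) {
  const chain = resolveResources(path);
  const grants = ACL.get(user);
  if (!chain || !grants) return false;
  return chain.every(r => grants.has(`${r.type}:${r.id}`));
}
```

This check only confirms a grant on each resource named in the path; whether location 42 actually belongs to organization 7 still has to be verified against the data store.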
