Saturday 27 May 2017

Reverse matching Express routes to database entries

I'm trying to build a sort of database-based ACL for my Express application. I currently have a Permissions table in the database that contains something like this:

  • Resource: *
  • Method: *
  • RoleID: 1
  • isAllowed: true

  • Resource: /users
  • Method: GET
  • RoleID: 2
  • isAllowed: false

  • Resource: /users/id/*
  • Method: GET
  • RoleID: 2
  • isAllowed: true

My aim is to build a middleware that checks the request object and allows or denies the route based on the rules in the database. My practical problem is, how do I match, say, /users/id/1 with the database entry /users/id/*? If I use the database entry as the basis for my regex, then /users/id/1 is clearly matched; however, I don't think it's practical to pull and test ALL database entries for each request. What do you think would be the best approach to obtain the right rule from the database based on the requested URL?

Thanks for your time!



via finferflu
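
One way to do the reverse lookup asked about above, as an added example that is not part of the original post: expand the request path into the short list of patterns that could match it, then fetch only those rows instead of testing every entry. It assumes a trailing `*` matches any deeper path, the most specific rule wins and no match means deny; `findRules`, `isAllowed`, `aclMiddleware` and `req.user.roleId` are hypothetical names, and the in-memory array stands in for the Permissions table.

```javascript
// Constructed sample rows mirroring the Permissions table in the question.
const RULES = [
  { resource: '*', method: '*', roleId: 1, isAllowed: true },
  { resource: '/users', method: 'GET', roleId: 2, isAllowed: false },
  { resource: '/users/id/*', method: 'GET', roleId: 2, isAllowed: true },
];

// Expand a request path into every pattern that could match it, most
// specific first: /users/id/1 -> /users/id/1, /users/id/*, /users/*, /*, *
function candidatePatterns(path) {
  const segs = path.split('/').filter(Boolean); // drops empty segments and trailing slash
  const out = ['/' + segs.join('/')];
  for (let i = segs.length - 1; i >= 0; i--) {
    out.push('/' + segs.slice(0, i).concat('*').join('/'));
  }
  out.push('*');
  return out;
}

// Stand-in for one indexed query (assumed schema), e.g.
//   WHERE RoleID = ? AND Method IN (?, '*') AND Resource IN (<patterns>)
function findRules(roleId, method, patterns) {
  return RULES.filter((r) => r.roleId === roleId &&
    (r.method === method || r.method === '*') &&
    patterns.includes(r.resource));
}

// Most specific resource wins, an exact method beats '*', no match means deny.
function isAllowed(roleId, method, path) {
  const patterns = candidatePatterns(path);
  const rows = findRules(roleId, String(method).toUpperCase(), patterns);
  rows.sort((a, b) =>
    patterns.indexOf(a.resource) - patterns.indexOf(b.resource) ||
    Number(a.method === '*') - Number(b.method === '*'));
  return rows.length > 0 && rows[0].isAllowed === true;
}

// Express-style middleware; req.user.roleId is assumed to be set by earlier auth.
// req.path excludes the query string, so it cannot influence the match.
function aclMiddleware(req, res, next) {
  const roleId = req.user && req.user.roleId;
  if (isAllowed(roleId, req.method, req.path)) return next();
  res.status(403).end();
}
```

With a real database `findRules` would be asynchronous, and the number of candidate patterns grows only with the depth of the path, not with the size of the table.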
