Comprehensive user permissions and entitlements system for sails.js and Waterline. Supports user authentication with passport.js, role-based permissioning, object ownership, and row-level security.
License: MIT License
Firstly it fails for the ip address which could be resolved by including req.socket.handshake.address.address but then it fails on the sanitizeRequestUrl function as req.get('host') causes the error has no method 'get' and req.originalUrl is undefined.
Bashing my head a bit trying to figure this one out. I can't lift my Sails app. However, when I create a brand new test app and follow the same steps (generate a couple of model/controllers and install sails-permissions) it works just fine. Here's the full stacktrace (paths shortened for brevity):
error: TypeError: undefined is not a function
at Object.exports.createModels (.../server/node_modules/sails-permissions/config/fixtures/model.js:18:18)
at initializeFixtures (.../server/node_modules/sails-permissions/api/hooks/sails-permissions.js:52:49)
at .../server/node_modules/sails-permissions/api/hooks/sails-permissions.js:36:13
at tryCatcher (.../server/node_modules/bluebird/js/main/util.js:24:31)
at Promise._settlePromiseFromHandler (.../server/node_modules/bluebird/js/main/promise.js:454:31)
at Promise._settlePromiseAt (.../server/node_modules/bluebird/js/main/promise.js:530:18)
at Promise._settlePromises (.../server/node_modules/bluebird/js/main/promise.js:646:14)
at Async._drainQueue (.../server/node_modules/bluebird/js/main/async.js:177:16)
at Async._drainQueues (.../server/node_modules/bluebird/js/main/async.js:187:10)
at Immediate.Async.drainQueues [as _onImmediate] (.../server/node_modules/bluebird/js/main/async.js:15:14)
at processImmediate [as _immediateCallback] (timers.js:358:17) [TypeError: undefined is not a function]
It seems like it's somehow falling back to the default Promises/A+ implementation in Node, as opposed to the more full-featured Bluebird API. Here's my version output:
node --version
└── v0.12.0
sails --version
└── 0.11.0
npm --version
└── 2.7.1
npm ls bluebird
└── [email protected]
It all works if I add the following lines to the top of sails-permissions/config/fixtures/model.js:
/* global -Promise */
var Promise = require('bluebird');
However, I'm unsure about submitting a PR for this as I really don't understand the ins and outs of it. Is it safe to assume explicitly requiring the Bluebird Promise implementation is a Good Thing™? Why would this be throwing an error in one project, but not another? I'm require-ing Bluebird in my own custom adapter, but if I remove that adapter and remove Bluebird from my package.json it still throws the same error. Any help would be appreciated!
myproject/api/services/protocols/index
var _ = require('lodash');
var _super = require('sails-permissions/api/services/protocols');
_.merge(exports, _super);
_.merge(exports, {
local: require('./local'),
jwt: require('./jwt'),
email: require('./email')
});myproject/api/services/protocols/passport
...
loadStrategies: function() {
var self = this,
strategies = sails.config.passport,
baseUrl = sails.getBaseurl();
sails.log.silly("this.protocols: ", _.keys(this.protocols))
Object.keys(strategies).forEach(function(key) {
...results in:
silly: this.protocols [ 'local', 'basic', 'oauth', 'oauth2', 'openid' ]
I got those error when use sails socket.io js.
code:
error: Sending 500 ("Server Error") response:
TypeError: Cannot read property 'remoteAddress' of undefined
at module.exports (/Users/chipgata/Projects/Backend-Tracking-Marketing/node_modules/sails-permissions/api/policies/AuditPolicy.js:6:67)
error: Sending 500 ("Server Error") response:
TypeError: undefined is not a function
at sanitizeRequestUrl (/Users/chipgata/Projects/Backend-Tracking-Marketing/node_modules/sails-permissions/api/policies/AuditPolicy.js:29:15)
Problem is this connection really don't have ip attribute in req object. But ip come alone with socket object that included in req object.
Hope you have a fix for this soon.
Thank you.
I should fill in my unit tests. this is basically a bug
occurs when trying to query permissions directory
As far as I can tell I've done everything required but when I run sails generate auth-api I get an error of
No generator called auth-api found; perhaps you meant sails generate api auth-api?
and I have added the following to .sailsrc
{
"generators": {
"permissions-api": "sails-permissions",
"auth-api": "sails-auth"
}
}
Every attempt to follow the Readme is failed:
MacBook-Air-Petr:TestProject petrrogov$ sails generate permissions-api
error: No generator called permissions-api found; perhaps you meant sails generate api permissions-api?
What am i doing wrong? Please, help.
I'm still having issues similar to #27 but it only seems to be permissions now. So every time I lift a permission entry is created for each model and action for the admin role.
Please add support of the PATCH method in PermissionService
Is it possible to apply standard filter on model based on permission.
e.g we have customer and order model with one to many relation.
i have permission based filter on customer (e.g. i can see only customers that i own and where customer type is abc). What happens when I query on orders with an "include" on customers.. Will the customer filter be applied automaticaly in the order context as well?
thanks
In the process of grasping how to use sails-permissions, I noticed that the password being added to the User collection was not being encrypted via bcrypt but it is being encrypted when it's added to the passport collection. I was going to address this but I am not clear of the entire flow of the app on initial start up, ie. sails lift.
Can you point me to where I should looks to make the password encrypted for insertion into user collection?
Hi,
I've seen your work so far, and am eager to try this module for Sails once it's finished. However, I see that you rely on sails-generate-auth (wrapped by your own sails-auth) to implement authentication. Sails-generate-auth is mainly a module to authenticate against a local user store, and third-party OAuth providers.
In my case, my Sails app will be an OAuth provider of its own (using OAuthorize). Therefore sails-generate-auth is not nearly as useful: it only supports getting access tokens, not issuing them.
My question is now: will it be possible to separate your permissions layer from the authentication layer? Have you thought about the use case where one would only use the permissions, and not rely on sails-generate-auth?
Suppose the models Message and Stream. A User's permissions on Message should be conditional also on the User's relationship to a Stream.
Suppose Stream has a field called subscribers, which is a list of Users.
A user U can create a Message if U has permission to create Messages and U in myStream.subscribers (aka message.stream == myStream).
Support a where clause in the Permission model.
A Permission for the above example might look like:
{
model: Message,
action: 'create',
where: {
stream: myStream.id
},
role: someRole.id,
createdBy: U.id
}Here, this Permission confers someRole the permission of create on Message if and only if the stream property of Message is myStream.id.
The where clause will probably need to be defined as a separate model Criteria so that it is somewhat more queryable and flexible.
AuthController: {'*': true}AuthController: {'*': [ 'passport' ]}Which one do I use?
As I can authenticate from ember js client? How should it be?
ENV ['single-auth-token'] = {
serverTokenEndpoint: 'http: // localhost: 1337 / auth / local / login',
};
The README mentions row-level security. Is there any documentation for how this works?
When running sails lift or sails console I receive the following error. Probably just a missing attribute?
verbose: Starting ORM...
verbose: orm hook loaded successfully.
debug: sails-permissions: syncing waterline models
debug: sails-permissions: admin user does not exist; creating...
debug: User.afterCreate.setOwner { username: 'admin',
email: '[email protected]',
createdBy: 1,
owner: 1,
id: 1,
createdAt: Mon Mar 23 2015 14:39:47 GMT-0500 (CDT),
updatedAt: Mon Mar 23 2015 14:39:47 GMT-0500 (CDT) }
debug: sails-permissions: created admin user: { createdBy: 1,
owner: 1,
username: 'admin',
email: '[email protected]',
id: 1,
createdAt: Mon Mar 23 2015 14:39:47 GMT-0500 (CDT),
updatedAt: Mon Mar 23 2015 14:39:47 GMT-0500 (CDT) }
error: Error (E_UNKNOWN) :: Encountered an unexpected error
error: column permission.createdBy does not exist
at [object Object].Connection.parseE
...
Details: error: column permission.createdBy does not exist
attribute field is set on Permission objectupdate actionupdate. attributes cannot be deleted.read operationserror: A hook (`userconfig`) failed to load!
error: Error: Invalid module:[object Object],[object Object],[object Object]
Hello,
After I have installed sails-permissions and configured it, I can't lift, sails gave me an error :
There is the log :
info: Starting app...
debug: sails-permissions: syncing waterline models
debug: sails-permissions: admin user does not exist; creating...
debug: User.afterCreate.setOwner { '@type': 'd',
'@Class': 'user',
username: 'acidspike',
email: '[email protected]',
createdBy: null,
owner: null,
createdAt: Thu Apr 30 2015 12:49:34 GMT+0200 (CEST),
updatedAt: Thu Apr 30 2015 12:49:34 GMT+0200 (CEST),
id: '#17:0' }
error: Error: The hooksails-permissionsis taking too long to load.
Make sure it is triggering itsinitialize()callback, or else set `sails.config.sails-permissions._hookTimeout to a higher value (currently 20000)
at tooLong as _onTimeout
at Timer.listOnTimeout (timers.js:110:15)
I am working on Sails 0.11, sails-orientdb adapter 0.10.50 and sails-permissions 1.0.16
I have sought and the problem seems to be in api/models/User.js line 36, at the user update it never goes to the next step.
In my database the user record is updated 6919 times (depending on computer speed).
I don't know if I should be using the following, but without this, the create and me routes do not work.
UserController: {
create: true,
me: ['passport']
}More terminologically parallel with createdAt and updatedAt. Also consider supporting an additional createdBy attribute, which could conceivably be different than ownedBy
Hi there,
Followed the installation instructions, on a cleanly generated sails app, but after applying the policies to my policies.js configuration file as described, the app won't start.
error: Unknown policy, "basicauth", referenced in `config.policies`.
After a bit of digging, it looks like these files aren't being copied from your "api" folder. I copied them over from this repository. Now I'm greeted with a new error:
Error: Collection user has an attribute named passports that is pointing to
a collection named passport which doesn't exist. You must first create the passport collection.
Can you explain this? I think this library could be really useful - really want to get it going!
~T
How is the public role supposed to work? I would have assumed that this role could be used for users that are not logged in i.e anonymous users. However I have added a read permission to a model for the public role but I get error: "You are not permitted to perform this action."
Hi,
I'm trying to get this setup on a completely fresh install, but whenever i try to create any new objects via a POST request i get the following errors logged in the console:
error: Sending 500 ("Server Error") response:
TypeError: Cannot read property 'create' of undefined
at module.exports (/Users/garethjeanne/Documents/Programming/Heroku/htl/node_modules/sails-permissions/api/policies/AuditPolicy.js:9:26)
at routeTargetFnWrapper (/usr/local/lib/node_modules/sails/lib/router/bind.js:179:5)
at callbacks (/usr/local/lib/node_modules/sails/node_modules/express/lib/router/index.js:164:37)
at param (/usr/local/lib/node_modules/sails/node_modules/express/lib/router/index.js:138:11)
at pass (/usr/local/lib/node_modules/sails/node_modules/express/lib/router/index.js:145:5)
at nextRoute (/usr/local/lib/node_modules/sails/node_modules/express/lib/router/index.js:100:7)
at callbacks (/usr/local/lib/node_modules/sails/node_modules/express/lib/router/index.js:167:11)
at /usr/local/lib/node_modules/sails/lib/router/bind.js:187:7
at /Users/garethjeanne/Documents/Programming/Heroku/htl/node_modules/sails-permissions/api/policies/ModelPolicy.js:33:7
at tryCatcher (/usr/local/lib/node_modules/sails/node_modules/waterline/node_modules/bluebird/js/main/util.js:24:31)
at Promise._settlePromiseFromHandler (/usr/local/lib/node_modules/sails/node_modules/waterline/node_modules/bluebird/js/main/promise.js:454:31)
at Promise._settlePromiseAt (/usr/local/lib/node_modules/sails/node_modules/waterline/node_modules/bluebird/js/main/promise.js:530:18)
at Promise._settlePromises (/usr/local/lib/node_modules/sails/node_modules/waterline/node_modules/bluebird/js/main/promise.js:646:14)
at Async._drainQueue (/usr/local/lib/node_modules/sails/node_modules/waterline/node_modules/bluebird/js/main/async.js:79:16)
at Async._drainQueues (/usr/local/lib/node_modules/sails/node_modules/waterline/node_modules/bluebird/js/main/async.js:89:10)
at Async.drainQueues (/usr/local/lib/node_modules/sails/node_modules/waterline/node_modules/bluebird/js/main/async.js:14:14)
at process._tickDomainCallback (node.js:381:11) [TypeError: Cannot read property 'create' of undefined]
Any idea what's going on, everything is default and i've followed the instructions as best i can.
If i do a get i can't see any objects in the permission, role or user endpoints at all.
Thanks
Gareth
Every time I lift my app it's adding the default models, roles and permissions each time, so this collections are ending up with lots of duplicates.
debug: Installing Models
debug: creating Model
debug: creating Permission
debug: creating Role
debug: creating User
This is using Sails v0.10.5 with mongodb.
One thing that may be blocking for some people is that the actions that may be protected by this is limited to CRUD actions. How difficult would it be to allow custom actions to be defined, so that for example, a User could be given permission to execute a run action on a given Task?
It would be nice to have a https://gitter.im/ chat badge added in the README.md for this repository. If you sign into gitter and create a room linked to this repository it should issue a PR to add this badge for you automatically.
I'm trying to implement a Sails project using sails-permissions / sails-auth.
It appears that /api/services/PermissionServices.js is incomplete as /api/policies/PermissionPolicy references PermissionService.isValid() on line 46, while no such method exists in PermissionService.js.
I am trying to get started with sails-permissions but I am unclear on how the default username and password work.
When trying to run the example in the docs using the authorization header 'Basic YWRtaW46YWRtaW4xMjM0' (admin:admin1234)
POST /user
{
username: 'tjwebb',
email: '[email protected]',
password: 'test123'
}
"error": "Could not authenticate user admin"
I've also tried using '[email protected]' as the username. What am I missing?
Btw I am using the sails-postgresql adapter.
Can you please provide example for local strategy implementation.
At the moment i am unable to see login path.
Thanks,
Hello,
Currently you have a role based permission but it can be useful to have (in addition to role based permission) a User based permission.
I will try to explain, I have :
Model A
User A
User B
User A has created a record of Model A, however, User A does not want the User B (and only him) have access to that record.
Can I do this actually with sails-permissions ?
Thanks in advance for your response.
An error response would be preferable to a server crash. Here is the full stack trace:
debug: Error (E_VALIDATION) :: 2 attributes are invalid
:
at WLValidationError.WLError (/[User]/.node/lib/node_modules/sails/node_modules/waterline/lib/waterline/error/WLError.js:33:18)
at new WLValidationError (/[User]/.node/lib/node_modules/sails/node_modules/waterline/lib/waterline/error/WLValidationError.js:20:28)
at duckType (/[User]/.node/lib/node_modules/sails/node_modules/waterline/lib/waterline/error/index.js:60:12)
at errorify (/[User]/.node/lib/node_modules/sails/node_modules/waterline/lib/waterline/error/index.js:39:10)
at wrappedCallback (/[User]/.node/lib/node_modules/sails/node_modules/waterline/lib/waterline/utils/normalize.js:320:15)
at _normalizeCallback.callback.error (/[User]/.node/lib/node_modules/sails/node_modules/waterline/node_modules/switchback/lib/normalize.js:42:31)
at _switch (/[User]/.node/lib/node_modules/sails/node_modules/waterline/node_modules/switchback/lib/factory.js:46:28)
at [object Object]._onTimeout (/[Project]/node_modules/sails-disk/lib/adapter.js:179:10)
at Timer.listOnTimeout [as ontimeout] (timers.js:110:15)
Invalid attributes sent to undefined:
• username
• A record with that `username` already exists (`cratervale`).
• email
• A record with that `email` already exists (`[email protected]`).
verbose: Lowering sails...
verbose: Sent kill signal to child process (21472)...
verbose: Shutting down HTTP server...
/[Project]/node_modules/sails-auth/api/services/protocols/local.js:42
throw new Error('Error.Passport.Email.Exists');
^
Error: Error.Passport.Email.Exists
at /[Project]/node_modules/sails-auth/api/services/protocols/local.js:42:17
at /[User]/.node/lib/node_modules/sails/node_modules/waterline/lib/waterline/query/dql/create.js:216:14
at bound (/[User]/.node/lib/node_modules/sails/node_modules/lodash/dist/lodash.js:957:21)
at applyInOriginalCtx (/[User]/.node/lib/node_modules/sails/node_modules/waterline/lib/waterline/utils/normalize.js:416:80)
at wrappedCallback (/[User]/.node/lib/node_modules/sails/node_modules/waterline/lib/waterline/utils/normalize.js:326:16)
at _normalizeCallback.callback.error (/[User]/.node/lib/node_modules/sails/node_modules/waterline/node_modules/switchback/lib/normalize.js:42:31)
at _switch (/[User]/.node/lib/node_modules/sails/node_modules/waterline/node_modules/switchback/lib/factory.js:46:28)
at afterwards
while i am trying to install , it giving https://registry.npmjs.org/sails-permissions/-/sails-permissions-1.0.17.tgz 404.
Can you fix ASAP.
npm ERR! fetch failed https://registry.npmjs.org/sails-permissions/-/sails-permissions-1.0.17.tgz
npm WARN retry will retry, error on last attempt: Error: fetch failed with status code 404
npm ERR! fetch failed https://registry.npmjs.org/sails-permissions/-/sails-permissions-1.0.17.tgz
npm WARN retry will retry, error on last attempt: Error: fetch failed with status code 404
npm ERR! fetch failed https://registry.npmjs.org/sails-permissions/-/sails-permissions-1.0.17.tgz
Following the example in the docs, I am trying to make a POST call to the /user endpoint to create a new user.
{
"username": "tjwebb",
"email": "[email protected]",
"password": "test123"
}
The action behaves as expected for adding a new row in the User table and linking the new user to the default 'registered' role (via role_users__user_roles table when using sails-postgresql adapter). However, it errors before a new row is added to the Passport table. Here's the log:
sails> debug: User.afterCreate.setOwner { username: 'tjwebb',
email: '[email protected]',
createdBy: 1,
owner: null,
id: 3,
createdAt: Mon Mar 23 2015 16:38:04 GMT-0500 (CDT),
updatedAt: Mon Mar 23 2015 16:38:04 GMT-0500 (CDT) }
error: Sending 500 ("Server Error") response:
Error: Error.Passport.Password.Invalid
at /[PROJECT]/node_modules/sails-auth/api/services/protocols/local.js:58:17
at /[USER]/.node/lib/node_modules/sails/node_modules/waterline/lib/waterline/query/dql/create.js:73:22
...
at /[PROJECT]/node_modules/sails-auth/api/services/protocols/local.js:51:14
at /[USER]/.node/lib/node_modules/sails/node_modules/waterline/lib/waterline/query/dql/create.js:241:9
at /[USER]/.node/lib/node_modules/sails/node_modules/waterline/node_modules/async/lib/async.js:157:25
at /[PROJECT]/node_modules/sails-permissions/api/models/User.js:40:11
I've created a brand new Sails app, then added 'sails-permissions' to the package.json as a dependency, then added the generator to the .sailsrc and ran 'sails generate permissions-api'. All well so far. Then when I try to lift, I get
appFolder\node_modules\sails-permissions\api\hooks\sails-permissions.js:107
policies.AuthController['*'] = true
^
TypeError: Cannot set property '*' of undefined
at validatePolicyConfig (appFolder\node_modules\sails-permissions\api\hooks\sails-permissions.js:107:34)
at Hook.initialize (appFolder\node_modules\sails-permissions\api\hooks\sails-permissions.js:23:12)
at Hook.bound [as initialize] (appFolder\node_modules\sails\node_modules\lodash\dist\lodash.js:729:21)
at appFolder\node_modules\sails\lib\hooks\index.js:75:14 at appFolder\node_modules\sails\node_modules\async\lib\async.js:454:17
at appFolder\node_modules\sails\node_modules\async\lib\async.js:444:17
at Array.forEach (native)
at _each (appFolder\node_modules\sails\node_modules\async\lib\async.js:
46:24)
at Object.taskComplete (appFolder\node_modules\sails\node_modules\async\lib\async.js:443:13)
at processImmediate [as _immediateCallback] (timers.js:330:15)
Any clues?
Hi there,
Have noticed since installing and generating the permissions hooks, I get database errors if I create a new model. It seems the script doesn't check whether there is an existing model representation before attempting to create a new one.
I assume using this method it would also invalidate any current permissions every time the app is re-initialised.
This could potentially be solved by using a findOrCreate method instead of just a create in your model fixtures.
~T
i might be doing stuff totally wrong, but it seem's like i can't use my controllers anymore after using the sails-permissions generator.
I keep getting a
[Error: Invalid route option, "model".I don't know about any models named: test]
in my sails console, even though it should find a Controller named TestController, not a Model 'Test'
Edit: Whoops, forgot to change Policies! Fixed it myself
On a fresh installation of sails-permissions with [email protected], the default admin user is created erroneously with the username as '[email protected]':
debug: sails-permissions: syncing waterline models
debug: sails-permissions: admin user does not exist; creating...
debug: User.afterCreate.setOwner { username: 'admin',
email: '[email protected]',
createdBy: 1,
owner: 1,
model: 4,
createdAt: Mon May 18 2015 20:27:57 GMT-0400 (EDT),
updatedAt: Mon May 18 2015 20:27:57 GMT-0400 (EDT),
id: 1 }
debug: sails-permissions: created admin user: { createdBy: 1,
owner: 1,
username: '[email protected]',
email: '[email protected]',
model: 4,
createdAt: Mon May 18 2015 20:27:57 GMT-0400 (EDT),
updatedAt: Mon May 18 2015 20:27:58 GMT-0400 (EDT),
id: 1 }
Behaviour was last okay on [email protected].
Hi guys, I have a problem setting up sails-permissions.
On server starting:
sails c
info: Starting app in interactive mode...
debug: sails-permissions: syncing waterline models
debug: sails-permissions: created admin user: { createdBy: 1,
owner: 1,
username: 'admin',
email: '[email protected]',
id: 1,
createdAt: '2015-05-27T14:55:56.000Z',
updatedAt: '2015-05-27T14:55:56.000Z' }
error: Error (E_UNKNOWN) :: Encountered an unexpected error
: ER_BAD_FIELD_ERROR: Unknown column 'permission.createdBy' in 'where clause'
As I understand, table 'permissions' doesn't have createdBy column by scheme, but I'm not sure.
Also I have an error with User.register() method:
Unhandled rejection [Error (E_UNKNOWN) Encountered an unexpected error]
Details: Error: ER_NO_DEFAULT_FOR_FIELD: Field 'createdBy' doesn't have a default value
I tried setting sails.config.passport.google = false, but nada.
Sails controllers may specify models that don't directly map to the controller names. For example, inside api/controllers/MeatController.js you could specify:
module.exports = {
_config: {
model: 'fish'
}
};
Or, a more realistic example is namespacing the API with 'v1' etc, so inside api/controllers/v1/MeatController.js, in order to prevent sails looking for a model called v1/Meat you would specify:
module.exports = {
_config: {
model: 'meat'
}
};
Currently sails-permissions loops over the controller names to derive the model names during creation. It would be good to check for custom configurations like the above and use that first, falling back to controller name if not found.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.