Search code examples
javascriptangularjsnode.jsmeanjsyeoman-generator-angular

Meanjs Forbidden Error

I am a new bee in AngularJs,below is the policy code created by Meanjs yo generator ,for learning purpose have created a library management system ,The problem what i am facing is when i am testing my server code i.e the API through browser URL...I am getting the result for http://localhost:3000/api/searchbooks/bookname/davincicode as JSON Object

but for below url it's giving me {message: 'User is not authorized'}
http://localhost:3000/api/searchbooks/bookname/davincicode/bookName

exports.invokeRolesPolicies = function () {
  acl.allow([  
{
    roles: ['user'],
    allows: [{
      resources: '/api/searchbooks',
      permissions: ['get']
    }, {
      resources: '/api/searchbooks/bookname/:searchbookName',
      permissions: ['get']
    }]
},
{
   roles: ['user'],
   allows: [{
     resources: '/api/searchbooks/bookname',
     permissions: ['get']
   }, {
     resources: '/api/searchbooks/bookname/:searchbookName/:action',
     permissions: ['get']
   }]
}

])};

exports.isAllowed = function (req, res, next) {
  var roles = (req.user) ? req.user.roles : ['guest'];

  // If an Searchbook is being processed and the current user created it then allow any manipulation
  if (req.searchbook && req.user && req.searchbook.user && req.searchbook.user.id === req.user.id) {
    return next();
  }
  // Check for user roles
  acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
    if (err) {
      // An authorization error occurred
      return res.status(500).send('Unexpected authorization error');
    } else {
      if (isAllowed) {
        // Access granted! Invoke next middleware
        return next();
      } else {
        return res.status(403).json({
          message: 'User is not authorized'
        });
      }
    }
  });
};

I checked my role it's going as user only ,unable to find so specific question elsewhere pls help or provide some pointers.

Solution

  • I have got the issue made mistake in routing part : app.route('/api/searchbooks/bookname/:searchbookName/:actionValue').all(searchbooksPolicy.isAllowed) .get(searchbooks.read)
    Here in policy url its action and i have to give actionValue as the parameter name.

    so passing incorrect parameter name was an issue..