AngualrJs 最新 文件图片上传教程9：Server-policies

'use strict';

/**
* Module dependencies
*/
var acl = require('acl');

// Using the memory backend
acl = new acl(new acl.memoryBackend());

/**
* Invoke WomenInformationManagement Permissions
*/
exports.invokeRolesPolicies = function () {
acl.allow([{
roles: ['user', 'admin'],
allows: [{
resources: '/api/womenInformationManagement',
permissions: '*'
}, {
resources: '/api/womenInformationManagement/:womenInformationManagementId',
permissions: '*'
}]
}]);
};

/**
* Check If WomenInformationManagement Policy Allows
*/
exports.isAllowed = function (req, res, next) {
var roles = (req.user) ? req.user.roles : ['guest'];

// Check for user roles
acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
if (err) {
// An authorization error occurred
return res.status(500).send('Unexpected authorization error');
} else {
if (isAllowed) {
// Access granted! Invoke next middleware
return next();
} else {
return res.status(403).json({
message: 'User is not authorized'
});
}
}
});
};