node_acl | Access control lists for node applications | Runtime Evironment library

Hi please can anyone help me. I want user to be able to access only what they are permitted to access.

I have been looking at several Access Control List packages. I have not made a final decision.

A restaurant which would have several levels of permission.

1. The customer can place several orders and can see what foods he has ordered

2. He can also modify the order only within a specified time period e.g. before the order is being processed.

3. The customer can only view his own order and the stage which the order is.

4. A staff can only check the order than is under his menu and state how much the order would cost and how long the order would take.

5. Another staff would be in charge of the stores and how things goes in and goes out.

6. A Staff can be in charge of a department and at the same time allow input to a menu which is under another department.

I have been looking at how I can go about putting this into Express.js and mongodb

I have looked at the following

https://github.com/optimalbits/node_acl main focus

https://www.npmjs.com/package/acl https://www.npmjs.com/package/express-acl

But I have not got the granularity and the mix which I stated above.

The permission would be based majorly on data. It has been a little confusing as to how I can go about that.

Any help will be useful

I use mongoose as my driver

I am implementing acl usind node_acl for my express app. I am making db connection in a separate file to handle the connection time of mongoose like this: connect.js:

In my express app I am implementing ACL using node_acl

my acl.js looks like:

I am using Node_ACL, for authorization purpose it is working fine but whenever any request gets denied it generates 500 Internal Server Error but it should show 403 Access denied error. I already looked into its proper installation and setting but I didn't find any solution.

I am using it with Express js as a middleware. I am not sure who is causing the 500 Internal Server Error. I mean I have used Node-ACL as a middleware in Express js. Whenever a client makes any request the Node ALC authenticate it first and then give access to the particular resource. So when the authorization gets failed, the 500 Internal Server Error is coming to the client from the server. So Express can also be the reason because it's middleware is getting failed. I am not sure what to do.

Please help. Thanks.

I am trying out node_acl with passport-local. When I run my code I cannot secure the route for the admin-user '/admin' and I am redirected to the /login page.

Find below my minimum runnable example: