I'm trying to authorize a user to perform a specific task using expressjs. The problem is if the value I assign inside an inline function can't be kept when it leaves the function.
var mysql = require('mysql');
var pool = mysql.createPool({
host: 'localhost',
user: 'root',
password: '',
database: 'database'
});
exports.authorizeAndWriteToSession = function (req, res, resource_code, right) {
req.session.authorized = false;
if (!req.session.authenticated) {
res.send("Không có quyền truy cập tài nguyên này vì chưa đăng nhập");
}
else {
if (!req.session.validated) {
res.send("");
}
else {
pool.getConnection(function (err, connection) {
connection.query('SELECT * FROM role_based_acl...', [req.session.user_id, resource_code], function (err, rows) {
if (rows.length === 0) {
res.send("<h2 style='color:red'></h2>");
}
else {
if (right === 'view') {
req.session.authorized = (rows[0].allow_view === 1);
}
else {
if (right === 'list') {
req.session.authorized = (rows[0].allow_list === 1);
}
else {
if (right === 'retrieve') {
req.session.authorized = (rows[0].allow_view === 1);
}
else {
if (right === 'create') {
req.session.authorized = (rows[0].allow_create === 1);
}
else {
if (right === 'update') {
req.session.authorized = (rows[0].allow_update === 1);
}
else {
if (right === 'delete') {
req.session.authorized = (rows[0].allow_delete === 1);
}
}
}
}
}
}
}
});
connection.release();
});
}
}
};
I've never been able to get res.session.authorized with true value.
