filter() does not seem to work when passed through middleware

[swhite2]

Hi there, loving your work! I am however running into an issue with the permission.filter() function. It seems ES6's native implementation of filter() is called when a Permission object is passed through the app with res.locals.permission. Which means that if I try to do this: res.json(res.locals.permission.filter(req.user)); it returns an empty object.

My models are defined as .readOwn('user', [ 'name', 'email', 'phone' ]), and according to the documentation I should expect just the name, email and phone as a response.

[AndreasWJ]

Found any fix or workaround?

Have the same problem, however I'm just passing the filter function forward by binding the permission object.
req.filterFn = permission.filter.bind(permission);

[TheLartians]

I've run into a similar issue using Mongoose Documents, where permission.filter(user) returned empty objects. My current workaround is converting the document to an object first via permission.filter(user.toObject()).

[noclat]

Yep, that's because res.locals serializes data, it's not meant to hold instances. You can pass them across middlewares using the req object, like req.permissions = [/* ... */] and there you'd be able to access all its methods.
Though, AccessControl exposes the filter method on its instance as well (ac.filter()), so maybe there's no need to access it from the permission.