
Permission middleware in Express - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What happens when a user without permission accesses the route?

Consider this Express middleware that checks user permissions before allowing access to a route.

function checkPermission(permission) {
  return (req, res, next) => {
    if (req.user?.permissions?.includes(permission)) {
      next();
    } else {
      res.status(403).send('Forbidden');
    }
  };
}

app.get('/admin', checkPermission('admin'), (req, res) => {
  res.send('Welcome Admin');
});

What will the server respond if a user without the 'admin' permission tries to access '/admin'?

A. The server responds with status 403 and message 'Forbidden'.
B. The server responds with status 200 and message 'Welcome Admin'.
C. The server responds with status 404 because the route is not found.
D. The server crashes with a TypeError because req.user is undefined.
💡 Hint

Look at the middleware logic and what happens when the permission is missing.

📝 Syntax
intermediate
Which middleware syntax correctly checks for multiple permissions?

You want to create middleware that allows access if the user has any of the given permissions.

Which option correctly implements this?

A
function checkAnyPermission(permissions) {
  return (req, res, next) => {
    if (permissions.find(p => req.user.permissions.includes(p))) {
      next();
    } else {
      res.status(403).send('Forbidden');
    }
  };
}
B
function checkAnyPermission(permissions) {
  return (req, res, next) => {
    if (permissions.every(p => req.user.permissions.includes(p))) {
      next();
    } else {
      res.status(403).send('Forbidden');
    }
  };
}
C
function checkAnyPermission(permissions) {
  return (req, res, next) => {
    if (req.user.permissions.includes(permissions)) {
      next();
    } else {
      res.status(403).send('Forbidden');
    }
  };
}
D
function checkAnyPermission(permissions) {
  return (req, res, next) => {
    if (permissions.some(p => req.user.permissions.includes(p))) {
      next();
    } else {
      res.status(403).send('Forbidden');
    }
  };
}
💡 Hint

Use an array method that returns true if at least one element matches.

🔧 Debug
advanced
Why does this permission middleware cause a crash?

Look at this middleware code:

function checkPermission(permission) {
  return (req, res, next) => {
    if (req.user.permissions.includes(permission)) {
      next();
    } else {
      res.status(403).send('Forbidden');
    }
  };
}

Sometimes the server crashes with TypeError: Cannot read property 'includes' of undefined. Why?

A. Because req.user or req.user.permissions can be undefined if the user is not authenticated.
B. Because permission is not a string.
C. Because next() is not called properly.
D. Because res.status(403).send() is missing a return statement.
💡 Hint

Think about what happens if the user is not logged in.

state_output
advanced
What is the response when middleware calls next() twice?

Consider this middleware:

function checkPermission(permission) {
  return (req, res, next) => {
    if (req.user?.permissions?.includes(permission)) {
      next();
      next();
    } else {
      res.status(403).send('Forbidden');
    }
  };
}

What happens when a user with the permission accesses the route?

A. The server sends two responses causing a network error.
B. The server responds normally with the route handler output.
C. The server throws an error because next() is called multiple times.
D. The server ignores the second next() call silently.
💡 Hint

Calling next() more than once in Express middleware is problematic.

🧠 Conceptual
expert
How to design permission middleware for asynchronous user data loading?

You want to create permission middleware but user permissions are loaded asynchronously from a database.

Which approach correctly handles this in Express?

A. Load permissions outside middleware and store in a global variable for synchronous access.
B. Make the middleware function async and use await to get permissions, then call next() or send response.
C. Call next() immediately and check permissions later in the route handler.
D. Use setTimeout to delay permission check inside middleware.
💡 Hint

Express supports async middleware functions that return promises.
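
Added example (not part of the original quiz): a permission middleware that awaits an asynchronous permission lookup and fails closed on a missing user, a failed lookup, or missing permission data. The names requirePermission, loadPermissions, loadFromSample and simulate, the sample data, and the mock req/res/next objects are assumptions constructed for illustration so the block runs without Express installed.

```javascript
// Added example: async, fail-closed permission middleware.
// loadPermissions is a hypothetical async lookup (for example a database query).
function requirePermission(permission, loadPermissions) {
  return async (req, res, next) => {
    // Unauthenticated request: no earlier auth middleware set req.user.
    if (!req.user) {
      return res.status(401).send('Unauthorized');
    }
    let permissions;
    try {
      permissions = await loadPermissions(req.user.id);
    } catch (err) {
      // Express 4 does not catch rejected promises from middleware,
      // so pass the error to the error handler; the route never runs.
      return next(err);
    }
    // Anything that is not an array is treated as "no permissions".
    if (Array.isArray(permissions) && permissions.includes(permission)) {
      return next(); // called exactly once
    }
    return res.status(403).send('Forbidden');
  };
}

// Constructed in-memory store standing in for the database.
const SAMPLE_PERMISSIONS = { 1: ['admin', 'read'], 2: ['read'] };
async function loadFromSample(userId) {
  if (userId === 99) throw new Error('database unavailable');
  return SAMPLE_PERMISSIONS[userId];
}

// Minimal stand-ins for Express req/res/next, recording what the middleware did.
async function simulate(user) {
  const result = { status: 200, body: null, nextCalls: 0, error: null };
  const res = {
    status(code) { result.status = code; return this; },
    send(body) { result.body = body; return this; },
  };
  const next = (err) => { result.nextCalls += 1; result.error = err || null; };
  await requirePermission('admin', loadFromSample)({ user }, res, next);
  return result;
}
```

In a real app the middleware is mounted the same way as the quiz's checkPermission, for example app.get('/admin', requirePermission('admin', loadFromSample), handler).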