ACL doubts with node.js!

I'm trying to implement Authorization (ACL) using the npm plugin "node_acl" in a Node.js application with express, I'm trying to implement as explained in the documentation .. however I'm having difficulty applying this in practice .. I have the following code in a projectController.js file

import express from 'express';
import authMiddleware from '../middlewares/auth';
import mongoose from '../../database';

const router = express.Router();

let acl = require('acl');
acl = new acl(new acl.mongodbBackend(mongoose.connection.db, 'acl_'));

acl.allow("admin", "/projects", "*");

router.use(authMiddleware);
router.use(acl.middleware());

router.get('/', (req, res) => {
  res.send({ 
    ok: true, 
    user: req.userId
  })
});

export default (app) => app.use('/projects', router);

Did I miss something?

Thank you!