Middleware for checking permissions
iraniamir opened this issue · comments
Amir Irani commented
Add middleware for checking permissions .
ensureAdminHavePermission(permission) {
return {
assign: 'ensureAdminHavePermission',
method(request, reply) {
request.auth.credentials.roles.admin.hasPermissionTo(permission, (err, result) => {
if (err || !result) {
const message = `Missing ${permission} permission.`;
return reply(Boom.badRequest(message));
} else reply();
});
}
};
},
ensureRootOrHavePermission(permission) {
return {
assign: 'ensureRootOrHavePermission',
method(request, reply) {
const root = request.auth.credentials.roles.admin.isMemberOf('root');
if(root) return reply();
request.auth.credentials.roles.admin.hasPermissionTo(permission, (err, result) => {
if (err || !result) {
const message = `Missing ${permission} permission.`;
return reply(Boom.badRequest(message));
} else reply();
});
}
};
}
in :
Line 80 in 2156418
Reza Akhavan commented
The preware that comes with Frame by default demonstrate the basic concept and are meant to be extended per app. ensureAdminHavePermission
is a great demonstration of one convention people could take for route level permissions. Though I don't think we should ship preware we don't use by default.