This module exports a function which creates express midddleware to test if a user has certain permissions. It assumes that there is a user
property defined on the req
object.
- Source:
Example
const dmv = require('dmv');
const permits = dmv.expressMiddleware.permits;
const hasRole = dmv.expressMiddleware.hasRole;
router.use(permits('eat', 'bricks'));
router.use('/bricks/:id/eat');
// less robust!
router.use(hasRole('mason'));
router.use('/bricks')
// If the req.user doesn't have a role which gives it permission to eat bricks, a 401 will be sent.
Members
(inner, constant) permitsFactory
returns a function that is like permits but for an explicit noun
- Source:
Methods
(static) user(cb)
Function to set method for pulling user off req or res
Parameters:
Name | Type | Description |
---|---|---|
cb |
function | your function to return user |
- Source:
(inner) getUser(req, res) → {User}
Default function to pull user off request object
Parameters:
Name | Type | Description |
---|---|---|
req |
Request | |
res |
Response |
- Source:
Returns:
- Type
- User
(inner) hasRole(verb, noun) → {middleware}
middleware factory to determine if req.user has a role
Parameters:
Name | Type | Description |
---|---|---|
verb |
string | |
noun |
string |
- Source:
Returns:
- Type
- middleware
(inner) permits(verb, noun) → {middleware}
middleware factory to determine if req.user has permission to noun a verb
Parameters:
Name | Type | Description |
---|---|---|
verb |
string | |
noun |
string |
- Source:
Returns:
- Type
- middleware