Permissions

auth. Permissions

Handles checking user permissions for app endpoints

Constructor

new Permissions()

Source:

Members

routes :RouteStore

Source:
Reference to all secured routes. Note that any route not explicitly secured will be denied by default.
Type:
  • RouteStore
Example
{
  post: { "/api/test": true }
}

Methods

(async, static) init() → {Promise}

Source:
Creates and instanciates the class
Returns:
Resolves with the instance
Type
Promise

(async) check(req) → {Promise}

Source:
Checks incoming request against stored permissions
Parameters:
Name Type Description
req external:ExpressRequest
Returns:
Resolves if request user passes checks
Type
Promise

(async) checkRoutes(app) → {Promise}

Source:
Checks for routes which don't have valid permissions set, and logs a warning message (as these routes will not be accessible from the API)
Parameters:
Name Type Description
app App The app instance
Returns:
Type
Promise

getScopesForRoute(method, route) → {Array}

Source:
Returns the scopes needed for a specific route
Parameters:
Name Type Description
method String HTTP method
route String The route to check
Returns:
the scopes required for route
Type
Array

secureRoute(route, method, scopes)

Source:
Restricts access to a route/endpoint
Parameters:
Name Type Description
route String The route/endpoint to secure
method String HTTP method to block
scopes Array The scopes to restrict