仅当从服务器完成呼叫或用户为管理员时,才允许使用方法
[英]Allow method only if call is done from server or if user is admin
问题描述
I'm using feathersjs and I need to secure the patch method of my service. 
我正在使用Feathersjs,需要保护服务的补丁方法。 I'm using feathers-hooks-common for the hooks. 我使用feathers-hooks-common的挂钩。 I need to allow the patch method only when the call is either made from the server or is done by an admin. 仅在从服务器进行调用或由管理员完成调用时,才需要允许使用patch方法。
const {disallow, isNot, iff, isProvider} = require('feathers-hooks-common');
const isAdmin = context => { return context.params.user.isAdmin;}
module.exports = {
patch: [
iff(isProvider('external') && isNot(isAdmin), disallow()),
iff(isNot(isProvider('server')), disallow())
],
}
The second rule, iff(isNot(isProvider('server')), disallow()) , works ok, but I can't get the first rule to allow server calls. 第二条规则iff(isNot(isProvider('server')), disallow())可以正常工作,但是我无法获得第一条规则来允许服务器调用。
1 个解决方案
解决方案1
1 已采纳 2018-12-02 20:09:54
Hooks can not be combined with conditionals but since you are already using iff you can make it a nested statement: 挂钩不能与条件语句结合使用,但是由于您已经在使用iff ,因此可以将其设为嵌套语句:
const {disallow, isNot, iff, isProvider} = require('feathers-hooks-common');
const isAdmin = context => { return context.params.user.isAdmin;}
module.exports = {
patch: [
iff(isProvider('external'),
iff(isNot(isAdmin), disallow())
)
],
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.