Allow method only if call is done from server or if user is admin
I'm using feathersjs and I need to secure the patch method of my service. I'm using feathers-hooks-common for the hooks. I need to allow the patch method only when the call is either made from the server or is done by an admin.
const {disallow, isNot, iff, isProvider} = require('feathers-hooks-common');
const isAdmin = context => { return context.params.user.isAdmin; }
module.exports = {
  patch: [
    iff(isProvider('external') && isNot(isAdmin), disallow()),
    iff(isNot(isProvider('server')), disallow())
  ],
}
The second rule, iff(isNot(isProvider('server')), disallow()), works ok, but I can't get the first rule to allow server calls.
Hooks cannot be combined with conditionals, but since you are already using iff you can make it a nested statement:
const {disallow, isNot, iff, isProvider} = require('feathers-hooks-common');
const isAdmin = context => { return context.params.user.isAdmin; }
module.exports = {
  patch: [
    iff(isProvider('external'),
      iff(isNot(isAdmin), disallow())
    )
  ],
}
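Why the `&&` rule misbehaves and the nested rule does not, as an added example that is not part of the original question or answer. The helpers are simplified synchronous stand-ins for feathers-hooks-common (an assumption, not the library's code), and the call parameters are constructed.

```javascript
// Simplified synchronous stand-ins for the feathers-hooks-common helpers
// (assumption: same decision logic, not the library's source).
const isProvider = (...names) => ctx => names.some(n =>
  n === ctx.params.provider ||
  (n === 'server' && !ctx.params.provider) ||
  (n === 'external' && !!ctx.params.provider));
const isNot = pred => ctx => !pred(ctx);
const disallow = () => () => {
  const err = new Error('Method not allowed');
  err.name = 'MethodNotAllowed';
  throw err;
};
const iff = (pred, ...hooks) => ctx => {
  const hit = typeof pred === 'function' ? pred(ctx) : !!pred;
  if (hit) hooks.forEach(hook => hook(ctx));
  return ctx;
};

const isAdmin = ctx => ctx.params.user.isAdmin;

// Question's rule: `&&` between two functions just returns the second one,
// so the provider check is silently dropped.
const notAdmin = isNot(isAdmin);
const combined = isProvider('external') && notAdmin;
const broken = iff(combined, disallow());

// Answer's rule: nested iff, so the admin check only runs for external calls.
const nested = iff(isProvider('external'), iff(isNot(isAdmin), disallow()));

// Run a hook against a constructed context and report the outcome.
function outcome(hook, params) {
  try {
    hook({ method: 'patch', params });
    return 'allowed';
  } catch (err) {
    return err.name;
  }
}

// Constructed sample calls: internal calls carry no provider and no user.
const serverCall = {};
const adminCall = { provider: 'rest', user: { isAdmin: true } };
const userCall = { provider: 'rest', user: { isAdmin: false } };

console.log(combined === notAdmin);        // was the provider predicate discarded?
console.log(outcome(broken, serverCall));  // admin check runs without a user
console.log(outcome(nested, serverCall), outcome(nested, adminCall), outcome(nested, userCall));
```

With the `&&` rule the internal call fails because the admin check runs with no `params.user`; with the nested rule only the external non-admin call is rejected.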
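Notice: the technical posts on this site are published under the CC BY-SA 4.0 license. If you republish them, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.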