
Allow method only if call is done from server or if user is admin

I'm using feathersjs and I need to secure the patch method of my service. I'm using feathers-hooks-common for the hooks. I need to allow the patch method only when the call is either made from the server or is done by an admin.

const {disallow, isNot, iff, isProvider} = require('feathers-hooks-common'); 
const isAdmin = context => { return context.params.user.isAdmin;}
module.exports = {
    patch: [
        iff(isProvider('external') && isNot(isAdmin), disallow()), 
        iff(isNot(isProvider('server')), disallow())
    ],
}

The second rule, iff(isNot(isProvider('server')), disallow()), works OK, but I can't get the first rule to allow server calls.

Hooks cannot be combined with conditionals, but since you are already using iff, you can make it a nested statement:

const {disallow, isNot, iff, isProvider} = require('feathers-hooks-common'); 
const isAdmin = context => { return context.params.user.isAdmin;}
module.exports = {
    patch: [
        iff(isProvider('external'),
          iff(isNot(isAdmin), disallow())
        )
    ],
}
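
The difference between the two rules, as an added example that is not part of the original question or answer: `a && b` on two predicate functions evaluates to `b`, so the provider check is dropped and the admin check also runs for server calls. The `iff`, `isProvider`, `isNot` and `disallow` below are simplified synchronous stand-ins written for this example (not the feathers-hooks-common source), `isAdmin` is a hardened variant that treats a missing user as non-admin, and the contexts are constructed samples.

```javascript
// Simplified synchronous stand-ins for the feathers-hooks-common helpers.
// Assumption: they mirror the library's behaviour for this case only.
const isProvider = (...names) => ctx =>
  names.some(n => n === ctx.params.provider ||
    (n === 'server' && !ctx.params.provider) ||
    (n === 'external' && !!ctx.params.provider));
const isNot = pred => ctx => !pred(ctx);
const iff = (pred, ...hooks) => ctx => {
  if (pred(ctx)) hooks.forEach(h => h(ctx));
  return ctx;
};
const disallow = () => () => { throw new Error('MethodNotAllowed'); };

// Hardened variant of the page's isAdmin: a missing user counts as non-admin.
const isAdmin = ctx => ctx.params.user?.isAdmin === true;

// `&&` on two functions does not combine them: it returns the right-hand
// function, so the predicate here is just isNot(isAdmin).
const broken = iff(isProvider('external') && isNot(isAdmin), disallow());
// Nested form from the answer: the admin check only runs for external calls.
const nested = iff(isProvider('external'), iff(isNot(isAdmin), disallow()));

// Constructed sample contexts: internal call, admin, regular user, anonymous.
const contexts = {
  server: { params: {} },
  admin: { params: { provider: 'rest', user: { isAdmin: true } } },
  user: { params: { provider: 'rest', user: { isAdmin: false } } },
  anonymous: { params: { provider: 'socketio' } },
};

// Run one hook against every sample context and record allow/deny.
function decisions(hook) {
  const out = {};
  for (const [name, ctx] of Object.entries(contexts)) {
    try { hook(ctx); out[name] = 'allow'; }
    catch (e) { out[name] = 'deny'; }
  }
  return out;
}

console.log('broken:', decisions(broken));
console.log('nested:', decisions(nested));
```
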
