/**
 * `@Authorized` — restricts a route to authenticated callers, optionally further
 * restricted by role and/or permission. (Declaration only; the implementation is
 * not shown on this page.)
 *
 * @param requiredRole  role(s) the caller must hold; `null` skips the role check.
 * @param permissions   permission(s) the caller must hold; `null` skips the permission check.
 * @param failedCode    HTTP status sent when the policy fails; defaults to 401.
 *                      NOTE(review): 401 means "not authenticated". For a caller who is
 *                      authenticated but lacks the role/permission, 403 is the conventional
 *                      code — pass it explicitly where that distinction matters.
 *
 * Both `requiredRole` and `permissions` default to `null`, so a bare `@Authorized()`
 * presumably enforces the authentication check only — confirm against the implementation
 * and name the role/permission explicitly on sensitive routes.
 */
Authorized(requiredRole: TStringOrNumber|TStringOrNumber[] =null, permissions: TStringOrNumber|TStringOrNumber[] =null, failedCode: number =401)
The `Authorized` decorator validates that the caller is authenticated and, optionally, that it holds the required role(s) and permission(s).
Passing `null` for an argument skips that check. Because both `requiredRole` and `permissions` default to `null`, a bare `@Authorized()` presumably only checks authentication — confirm against the decorator implementation, and name the role/permission explicitly on sensitive routes rather than relying on the defaults.
Initialize
The `Authorized` policy uses the `AuthProvider` that is passed during server initialization: `init(boostrapModule: any, rootPath?: string, moduleMetaKey?: string, authProvider?: AuthProvider)`. Note that `authProvider` is optional; what `@Authorized` does when none is supplied is not specified here — confirm that decorated routes are denied (fail closed) rather than allowed in that case.
A fresh `AuthProvider` instance is initialized for each request; it holds that request's headers and cookies, so any state the provider caches (such as the resolved user in the example below) should be scoped to a single request.
Example
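/**
 * Example AuthProvider backed by the sample's UserService / Resources helpers.
 *
 * Security notes for anyone adapting this sample:
 *  - isAuthenticated() compares a request header against a hard-coded shared secret.
 *    That is a demo stand-in only: a real provider must validate a session, token or
 *    signature, and a secret must never be committed to source.
 *  - getUser() trusts UserService.getIdFromCookie(). Whether that helper verifies a
 *    signed/encrypted cookie or merely parses an id out of it is not visible here; if it
 *    only parses, any client can impersonate any user by editing the cookie — confirm.
 *  - All role/permission/ownership checks resolve to `false` (deny) when no user can be
 *    resolved or the user record lacks the expected fields, instead of rejecting with a
 *    TypeError from inside the policy.
 */
export class Authorization extends AuthProvider<User> {
  /**
   * Verify if the caller is authenticated.
   *
   * Dummy check: the `x-sug-demo` header must equal "Wyn1RRR9PQJPaqYM".
   * `===` is not a constant-time comparison; acceptable for a demo, not for a real secret.
   *
   * @returns {Promise<boolean>}
   */
  isAuthenticated(): Promise<boolean> {
    return Promise.resolve(this.headers["x-sug-demo"] === "Wyn1RRR9PQJPaqYM");
  }

  /**
   * Resolve the current user and cache it on this (per-request) provider instance.
   * The express arguments are accepted for interface compatibility and are unused.
   *
   * @returns the user record, or whatever UserService.getUser resolves to when none exists
   */
  getUser(req?: e.Request, res?: e.Response, next?: e.NextFunction): Promise<any> {
    if (this.details) {
      return Promise.resolve(this.details);
    }
    return UserService.getUser(UserService.getIdFromCookie(this.cookie)).then((user: User) => {
      this.details = user;
      return user;
    });
  }

  /**
   * True when the user's single `role` field is one of `roles`.
   * A missing user (or missing role) yields false rather than throwing.
   */
  isInRole(...roles: Array<string | number>): Promise<boolean> {
    return this.getUser().then((user) => user != null && roles.includes(user.role));
  }

  /**
   * True when the user holds at least one of `permissions`.
   * A missing user or a missing/non-array `permissions` field yields false rather than
   * throwing (the original `user.permissions.includes` would reject with a TypeError).
   */
  isAllowedTo(...permissions: Array<string | number>): Promise<boolean> {
    return this.getUser().then((user) => {
      const held = user ? user.permissions : undefined;
      return Array.isArray(held) && permissions.some((permission) => held.includes(permission));
    });
  }

  /**
   * True when the resolved user owns `resourceId`, as decided by Resources.checkIfOwner.
   * No user resolved → false (deny).
   */
  isResourceOwner(resourceId: any): Promise<boolean> {
    return this.getUser().then((user) => user != null && Resources.checkIfOwner(resourceId, user.id));
  }
}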
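@Controller('/dashboard')
export class DashboardController {
  constructor() {}

  /**
   * Look up a user by id, additionally filtered by the role text sent in the request body.
   *
   * The two stacked @Authorized decorators mean (per the inline comment) the caller must be
   * in role "User" or "Admin" AND hold both the "User.READ" and "User.READ_BY_ID" permissions.
   *
   * @param id   path parameter. It is declared as `number`, but whether the framework coerces
   *             the URL string to a number is not visible here — confirm, or validate explicitly.
   * @param body request body; `role.text` is untrusted client input and is only forwarded to
   *             the query once it is known to be a plain string.
   * @returns whatever `User.findOne` returns (presumably a promise of the matching user).
   * @throws TypeError when `body.role.text` is absent or not a string. The original code already
   *         threw a TypeError for a missing `role`; this also rejects non-string values (e.g. an
   *         object) so that a structured value can never reach the query filter.
   */
  @HttpPost("/:id")
  @Authorized(["User", "Admin"], "User.READ")
  @Authorized(null, "User.READ_BY_ID") // Stacking two @Authorized decorators requires the user to hold BOTH "User.READ" AND "User.READ_BY_ID"
  getUser(@RequestParam("id") id: number, @RequestBody() body: { role: { text: string } }) {
    const roleText = body && body.role ? body.role.text : undefined;
    if (typeof roleText !== "string") {
      throw new TypeError("body.role.text must be a string");
    }
    return User.findOne({ id, role: roleText });
  }
}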