Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

restrictToRoles hook: More complex determination of "owner". #205

Closed
lukasbuenger opened this Issue May 17, 2016 · 2 comments

Comments

Projects
None yet
2 participants
@lukasbuenger
Copy link

lukasbuenger commented May 17, 2016

Problem:
In many cases, the determination of an "owner" relationship between a user and a record can not be just pinned down by checking on a foreign key on the user model (e.g. everything depending on n:m relations).

Suggestion:
Introduce something like an resolveOwner field, which references a function that returns a Promise that either gets resolved (permission granted) or rejected (permission denied).

I'd gladly send a PR if you're interested, but I just wanted to check if there's already some (established) way of achieving that kind of behavior and, more importantly, how you guys think about this kind of approach.

restrictToRoles({
    roles: ['admin', 'super-admin'],
    fieldName: 'permissions',
    idField: 'id',
    resolveOwner: (hook) => {
        // check whatever
    ),
    owner: true
})

@lukasbuenger lukasbuenger changed the title `restrictToRoles` hook: More complex determination of "owner". restrictToRoles hook: More complex determination of "owner". May 17, 2016

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented May 18, 2016

I agree. I've created an issue for you to pass a callback to do whatever you want (#210) however in the mean time you can also just write your own hook to do any custom resolving.

@ekryski ekryski added this to the 1.0 milestone May 21, 2016

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Jun 30, 2016

We actually came up with a better solution. You can simply wrap any existing hooks in your own, like so:

import { hooks } from 'feathers-authentication';

exports.hashPassword = function(options) {
  // Add any custom options

  function(hook) {
    return new Promise((resolve, reject) => {
      if (myCondition !== true) {
        return resolve(hook);
      }

      // call the original hook
      hooks.hashPassword(options)(hook)
        .then(hook => {
          // do something custom
          resolve(hook);
        })
        .catch(error => {
          // do any custom error handling
          error.message = 'my custom message';
          reject(error);
        });
    });
  });
}

This provides the ultimate flexibility and doesn't require a change to the core hooks.

@ekryski ekryski closed this Jun 30, 2016

@ekryski ekryski removed the Backlog label Jun 30, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.