Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds ability to limit queries unless authenticated and authorized #229

Merged
merged 4 commits into from Jul 6, 2016

Conversation

Projects
None yet
2 participants
@codingfriend1
Copy link
Contributor

codingfriend1 commented Jul 3, 2016

Often developers want to allow unauthenticated users or visitors to query data from a table but place restrictions on what type of data in the table is returned based on information in each row. This allows you to merge a restriction query into the query params to limit of the scope of what an unauthenticated user may search for.

Adds 3 hooks:

  • verifyOrRestrict({ restrict: {approved: true} })
  • populateOrRestrict({ restrict: {approved: true} })
  • hasRoleOrRestrict({roles: ['admin'], restrict: {approved: true} })

NOTICE: Currently does not filter direct ids through the get method

Adds ability to verifyOrRestrict, populateOrRestrict, or hasRoleOrRes…
…trict to either add a query restriction to the query params when the user is not authenticated or authorized or else leave the query unrestricted.

@codingfriend1 codingfriend1 changed the title Adds ability to verifyOrRestrict, populateOrRestrict, or hasRoleOrRes… Adds ability to limit queries unless authenticated and authorized Jul 3, 2016

@codingfriend1

This comment has been minimized.

Copy link
Contributor Author

codingfriend1 commented Jul 5, 2016

Should now restrict direct id queries. However if using the memory service it's necessary to use

all: [function(hook) {
      if(hook.id) {
        hook.id = parseInt(hook.id, 10);
      }
}]

to make the hook.id an integer.

codingfriend1 added some commits Jul 5, 2016

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Jul 6, 2016

@codingfriend1 thanks for the PR! I will take a look at this tomorrow or Friday. 🍻

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Jul 6, 2016

Actually this is totally awesome @codingfriend1! :shipit: Would you mind doing a PR to add these hooks to the docs? http://docs.feathersjs.com/authorization/bundled-hooks.html

@ekryski ekryski merged commit 43f1e40 into feathersjs:master Jul 6, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.