restrictToRoles hook: More complex determination of "owner".

[lukasbuenger]

Problem:
In many cases, the determination of an "owner" relationship between a user and a record can not be just pinned down by checking on a foreign key on the user model (e.g. everything depending on n:m relations).

Suggestion:
Introduce something like an resolveOwner field, which references a function that returns a Promise that either gets resolved (permission granted) or rejected (permission denied).

I'd gladly send a PR if you're interested, but I just wanted to check if there's already some (established) way of achieving that kind of behavior and, more importantly, how you guys think about this kind of approach.

restrictToRoles({
    roles: ['admin', 'super-admin'],
    fieldName: 'permissions',
    idField: 'id',
    resolveOwner: (hook) => {
        // check whatever
    ),
    owner: true
})

[ekryski]

I agree. I've created an issue for you to pass a callback to do whatever you want (#210) however in the mean time you can also just write your own hook to do any custom resolving.

[ekryski]

We actually came up with a better solution. You can simply wrap any existing hooks in your own, like so:

import { hooks } from 'feathers-authentication';

exports.hashPassword = function(options) {
  // Add any custom options

  function(hook) {
    return new Promise((resolve, reject) => {
      if (myCondition !== true) {
        return resolve(hook);
      }

      // call the original hook
      hooks.hashPassword(options)(hook)
        .then(hook => {
          // do something custom
          resolve(hook);
        })
        .catch(error => {
          // do any custom error handling
          error.message = 'my custom message';
          reject(error);
        });
    });
  });
}

This provides the ultimate flexibility and doesn't require a change to the core hooks.