feat(Admin System): Add middleware for securing routes according to privs #999
Conversation
There was a problem hiding this comment.
Looking really good @the-good-boy !
Everything working as expected. I tried hard to break it, but only found some minor issues with error handling.
I deployed the PR to test.BB for testing in situ, works a treat :)
Nice and reactive with the fetching privs for each query !
| @@ -172,3 +172,24 @@ export function isAuthenticatedForCollectionView(req, res, next) { | |||
| 'You do not have permission to view this collection', req | |||
| ); | |||
| } | |||
|
|
|||
| export function isAuthorized(flag) { | |||
There was a problem hiding this comment.
I think it could be useful (but not required) to turn this file into a TypeScript file and get some completion and validation.
We could think about passing whole PrivilegeTypes objects to this function, which would make sure it is only really called with the right objects (and prevent typos, etc. in the future).
That being said, turning this file into a .ts file might create a lot of errors that would ne to be fixed, so it would make sense to refactor in another PR and keep this one clean (considering it's working nicely)
It would look something like this: TS Codepen.
What do you think?
This PR adds a middleware to facilitate privilege-based access to certain routes.