feat(Admin System): Add middleware for securing routes according to privs #999
Looking really good @the-good-boy !
Everything working as expected. I tried hard to break it, but only found some minor issues with error handling.
I deployed the PR to test.BB for testing in situ, works a treat :)
Nice and reactive with fetching the privs for each query!
@@ -172,3 +172,24 @@ export function isAuthenticatedForCollectionView(req, res, next) { | |||
'You do not have permission to view this collection', req | |||
); | |||
} | |||
|
|||
export function isAuthorized(flag) { |
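Review bot: `isAuthorized(flag)` on the last added line is exported without a doc comment, and the name `flag` does not say what it holds (a bit value, a privilege name, or a privilege object). Add a JSDoc block giving the expected type and stating that the call returns a route middleware. The function body is not visible in this excerpt, so also confirm that an undefined or unrecognised `flag` is rejected, so that a typo at a call site cannot leave a route unprotected.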
I think it could be useful (but not required) to turn this file into a TypeScript file and get some completion and validation.
We could think about passing whole PrivilegeTypes objects to this function, which would make sure it is only really called with the right objects (and prevent typos, etc. in the future).
That being said, turning this file into a .ts file might create a lot of errors that would need to be fixed, so it would make sense to refactor in another PR and keep this one clean (considering it's working nicely).
It would look something like this: TS Codepen.
What do you think?
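A sketch of the typed variant suggested in the comment above, as an added example that is not part of the review comment, the linked Codepen or the project's code. Only `isAuthorized` and `PrivilegeTypes` are named on this page; the object fields, bit values, `Req`/`Res` shapes and the `fetchPrivs` callback are assumptions made for illustration.

```typescript
// Added example. isAuthorized and PrivilegeTypes are named on this page; the fields,
// bit values, Req/Res shapes and fetchPrivs callback are hypothetical stand-ins.
interface PrivilegeType { readonly title: string; readonly value: number; }
interface Req { userId?: number; }
interface Res { statusCode: number; }
type Next = (err?: Error) => void;
type FetchPrivs = (userId: number, cb: (err: Error | null, privs?: number) => void) => void;

// Constructed table: the project's real privilege names and bit values are not shown here.
const PrivilegeTypes = {
  ADMIN: {title: 'Administrator', value: 1},
  EDITOR: {title: 'Editor', value: 2}
} as const;

// Runtime guard for plain-JS callers that bypass the compiler: identity check, so a
// look-alike object with the same fields is still rejected.
function isKnownPrivilege(flag: unknown): flag is PrivilegeType {
  const table: Record<string, PrivilegeType> = PrivilegeTypes;
  return Object.keys(table).some((key) => table[key] === flag);
}

function isAuthorized(flag: PrivilegeType, fetchPrivs: FetchPrivs) {
  // Fail when the route is registered, not on the first request that hits it.
  if (!isKnownPrivilege(flag)) {
    throw new TypeError('isAuthorized: unknown privilege');
  }
  return (req: Req, res: Res, next: Next): void => {
    const userId = req.userId;
    if (userId === undefined) {
      res.statusCode = 401;
      return next(new Error('Not authenticated'));
    }
    // Privileges are looked up on every request, so a revocation applies immediately.
    fetchPrivs(userId, (err, privs) => {
      if (err || typeof privs !== 'number') {
        res.statusCode = 500; // lookup failed: deny rather than let the request through
        return next(new Error('Could not verify privileges'));
      }
      if ((privs & flag.value) !== flag.value) {
        res.statusCode = 403;
        return next(new Error('Not authorized'));
      }
      next();
    });
  };
}
```

With this signature, `isAuthorized(1, ...)` or a misspelled `PrivilegeTypes.ADMN` fails at compile time, and the identity check covers callers that are still plain JavaScript.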
Good to go !
This PR adds a middleware to facilitate privilege-based access to certain routes.