-
Notifications
You must be signed in to change notification settings - Fork 0
auth.onlyGroups
Samuel S. Donovan edited this page Feb 2, 2022
·
1 revision
auth.onlyGroups allows developers to whitelist users of certain groups for a set of pages.
If a non-user attempts to access a restricted page, they will be met with a 401 - Unauthorized response.
If a user attempts to access a page they do not have access to, they will be met with a 403 - Forbidden response.
It is important to note that unauthorized requests will not reach the defined endpoint.
auth.onlyGroups() |
Only logged in users in at least one group |
auth.onlyGroups("a", "b", "c"...) |
Only users in the groups provided |
auth.onlyGroups(["a", "b", "c"...]) |
Only users in groups in the provided array |
200 |
Authorized |
401 |
Unauthorized (not logged in) |
403 |
Forbidden (logged in, not in a whitelisted group) |
app.use("/users", auth.onlyGroups("manager"));
app.get("/users", (req, res) => {
res.send(auth.users.all());
});