1 | 'use strict'
|
2 |
|
3 | const Boom = require('boom')
|
4 | const express = require('express')
|
5 | const Rbac = require('../lib')
|
6 |
|
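const rbac = new Rbac({
  /**
   * Demo permission check against a hard-coded table of users.
   *
   * @param {string|number} id - Key into the demo table; in this file it is
   *   whatever getReqId returned for the request.
   * @param {string[]} permissions - Permission names; holding any one of them
   *   is enough.
   * @returns {Promise<void>} Resolves when a permission is held, rejects with
   *   an Error otherwise.
   */
  checkPermission: function (id, permissions) {
    return new Promise((resolve, reject) => {
      // Index 0 may create/remove users, index 1 may only read them.
      const users = [
        {
          'users:create': true,
          'users:remove': true
        },
        {
          'users:read': true
        }
      ]

      const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key)

      // id comes from the request, so accept it only when it names a real
      // entry of the table. A plain users[id] lookup would also answer for
      // inherited keys such as "constructor" or "__proto__".
      const entry = hasOwn(users, id) ? users[id] : null
      const user = entry !== null && typeof entry === 'object' ? entry : null

      // A permission counts only when it is an own property set to true, so
      // nothing found on the prototype chain can be read as a grant.
      const found = permissions.some((permission) => {
        return user !== null && hasOwn(user, permission) && user[permission] === true
      })

      if (found) {
        return resolve()
      }
      return reject(new Error('Inexistent User or Permission'))
    })
  },
  // NOTE(review): the id is read from the URL path, which the client chooses.
  // That keeps the demo short, but it is not authentication: in a real service
  // return an id established by a verified session or token instead.
  getReqId: (req) => req.params.userId
})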
|
33 |
|
// The single Express application used by this example.
const app = express()

// Final handler for the protected route: answers with a fixed JSON message.
const sendProtectedContent = (req, res) => {
  res.json({ message: 'You have acces to this awesome content!' })
}

// GET /:userId: rbac.express.authorize(['users:read']) is registered ahead of
// the handler, so it runs first. Presumably it forwards an error instead of
// calling the handler when the check fails; confirm against ../lib.
app.get('/:userId', rbac.express.authorize(['users:read']), sendProtectedContent)
|
42 |
|
// Error-handling middleware: Express treats it as one because it declares four
// parameters, so `next` stays in the signature even though it is unused.
// Only the Boom output payload is sent back, never the raw error object.
// NOTE(review): later boom releases replace Boom.wrap with Boom.boomify;
// check the installed version before upgrading.
app.use((err, req, res, next) => {
  const boomError = err.isBoom ? err : Boom.wrap(err)
  const { statusCode, payload } = boomError.output

  return res.status(statusCode).send(payload)
})
|
51 |
|
// Start the HTTP server on port 3000 and log once it is listening. No host is
// passed, so the server binds to the default (unspecified) address; pass
// '127.0.0.1' as the second argument to keep the example local-only.
app.listen(3000, () => {
  console.log('Listening @ 3000')
})
|