| 1 | 'use strict'
|
| 2 |
|
| 3 | const Boom = require('boom')
|
| 4 | const express = require('express')
|
| 5 | const Rbac = require('../lib')
|
| 6 |
|
| 7 | const rbac = new Rbac({
|
| 8 | checkPermission: function (id, permissions) {
|
| 9 | return new Promise((resolve, reject) => {
|
| 10 | const users = [
|
| 11 | {
|
| 12 | 'users:create': true,
|
| 13 | 'users:remove': true
|
| 14 | },
|
| 15 | {
|
| 16 | 'users:read': true
|
| 17 | }
|
| 18 | ]
|
| 19 |
|
| 20 | const found = permissions.some((permission) => {
|
| 21 | return users[id] && users[id][permission]
|
| 22 | })
|
| 23 |
|
| 24 | if (found) {
|
| 25 | return resolve()
|
| 26 | } else {
|
| 27 | return reject(new Error('Inexistent User or Permission'))
|
| 28 | }
|
| 29 | })
|
| 30 | },
|
| 31 | getReqId: (req) => req.params.userId
|
| 32 | })
|
| 33 |
|
| 34 | const app = express()
|
| 35 |
|
| 36 | app.get('/:userId',
|
| 37 |
|
| 38 | rbac.express.authorize(['users:read']),
|
| 39 | (req, res, next) => {
|
| 40 | res.json({ message: 'You have acces to this awesome content!' })
|
| 41 | })
|
| 42 |
|
| 43 | app.use((err, req, res, next) => {
|
| 44 | if (!err.isBoom) {
|
| 45 | err = Boom.wrap(err)
|
| 46 | }
|
| 47 | return res
|
| 48 | .status(err.output.statusCode)
|
| 49 | .send(err.output.payload)
|
| 50 | })
|
| 51 |
|
| 52 | app.listen(3000, () => console.log('Listening @ 3000'))
|