Closed ariutta closed 9 years ago
Actually, this change is major, because it changes the API for roles.use. All I need is for res to be available inside user.use. Is there any way to do that without changing the API?
Why is this needed? This is a deliberately high level, opinionated library that aims to force you to structure your authorisation rules in a sensible way. Allowing authorisation rules to modify / interact with the response object seems to run counter to that?
The idea comes from strong parameters in Rails. Strong parameters allows for nested, conditional authorization for updates. This does the same for reads.
I'm sorry, I'm not familiar with "strong parameters". Could you summarise how these nested, conditional authorizations work, and why they require the res to be accessible?
If you're familiar with .NET, check out ServiceStack's request and Response filters.
Otherwise, these StackOverflow questions address the same general issue:
Hello,
This is an update to make res available in user.use(req, res). My use case creates a res.jsonAuthorized method that filters the response, using a JSON Schema, before calling res.json: