harvester.setAuthorization(function(req){
//Here's all possible return types and how they should be handled.
return promise;//resolved means authorized, rejected means not authorized. Return 403 jsonapi error.
return JSONAPI_Error; //serialize and send this jsonapi error
throw new Error; //should become a 500 error by default, which is correct here.
throw new JSONAPI_Error; //serialize and send this jsonapi error
//any other return type, its a 500.
});
var category = harvester
.resource('categories', {
name: Joi.string().required().description('a name'),
links: {
brand: 'brands'
}
});
//Disables the authorization mechanism. Dynamic authorization is achieved via the .before clause.
category.get().authorize(false).register();
category.getById().authorize(false).register();