agco / harvesterjs

Create JSONAPI-compliant APIs over a Node.js + MongoDB stack in an easy, boilerplate-free manner
http://agco.github.io/harvesterjs/
MIT License

Harvest should support a resource-level authorization mechanism #85

Open ssebro opened 9 years ago

ssebro commented 9 years ago

    harvester.setAuthorization(function (req) {
        // Here are all possible return types and how they should be handled.
        return promise; // resolved means authorized, rejected means not authorized. Return 403 jsonapi error.
        return JSONAPI_Error; // serialize and send this jsonapi error

        throw new Error; // should become a 500 error by default, which is correct here.
        throw new JSONAPI_Error; // serialize and send this jsonapi error
        // any other return type, it's a 500.
    });

    var category = harvester
        .resource('categories', {
            name: Joi.string().required().description('a name'),
            links: {
                brand: 'brands'
            }
        });

    // Disables the authorization mechanism. Dynamic authorization is achieved via the .before clause.
    category.get().authorize(false).register();
    category.getById().authorize(false).register();

ssebro commented 9 years ago

Should autogenerate 'category.view' etc
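
The return-type contract proposed in the first comment, sketched as an added example that is not part of the issue or of harvesterjs. `JSONAPIError` (standing in for the `JSONAPI_Error` named above), `deny` and `decide` are hypothetical names, and the JSON:API error body shape is an assumption.

```javascript
// Added example. JSONAPIError, deny and decide are hypothetical names,
// not part of harvesterjs.
class JSONAPIError extends Error {
  constructor(status, title) {
    super(title);
    this.status = status;
    this.title = title;
  }
}

// Build a denial carrying a JSON:API error document.
const deny = (status, title) => ({
  authorized: false,
  status,
  body: { errors: [{ status: String(status), title }] },
});
const isThenable = (v) => v != null && typeof v.then === 'function';

// Run the authorization callback and map each outcome listed in the
// proposal to a decision. Only a resolved promise authorizes; every
// other outcome fails closed.
function decide(authorizeFn, req) {
  let result;
  try {
    result = authorizeFn(req);
  } catch (err) {
    // A thrown JSONAPIError is sent as-is; any other throw becomes a 500.
    return Promise.resolve(err instanceof JSONAPIError
      ? deny(err.status, err.title)
      : deny(500, 'Internal Server Error'));
  }
  if (result instanceof JSONAPIError) {
    return Promise.resolve(deny(result.status, result.title));
  }
  if (!isThenable(result)) {
    // Any other return type (true, undefined, a plain object) is a 500.
    return Promise.resolve(deny(500, 'Internal Server Error'));
  }
  return Promise.resolve(result).then(
    () => ({ authorized: true, status: null, body: null }),
    () => deny(403, 'Forbidden') // rejected promise: not authorized
  );
}
```

Under this reading a callback that returns `true` is answered with a 500 rather than treated as authorized, and an `async` callback that throws surfaces as a rejected promise, so it yields 403 instead of 500.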