We often do user access validation in the controller, or create multiple middlewares, which may not scale when different combinations of policies are needed all over the place. Instead, we could split those validations into separate policies and create one parameterized middleware to handle such cases.
For example, we could have fine-grained policies:
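    class IsAdminPolicy {
      // Name used to select this policy in the middleware parameter ('is:admin')
      get name() {
        return 'admin'
      }

      // Allow only when the authenticated user holds the admin role
      authorize({ auth }) {
        return auth.user.hasRole('admin')
      }
    }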
and create a middleware that parses such parameters, then use it as

    middleware(['is:admin|self'])

which allows access for either admin or self. For AND authorization, just chain them:

    middleware(['is:admin', 'is:self'])
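The parsing middleware itself is not shown above. The following is an added example (not code from the original post) of one way to write it in plain JavaScript, failing closed on unknown policy names and unauthenticated requests. `IsSelfPolicy`, `POLICIES`, `IsMiddleware`, `deny`, `run` and the `params.id` convention are assumptions made for illustration.

```javascript
// Added example; everything except IsAdminPolicy is hypothetical.
class IsAdminPolicy {
  get name() { return 'admin' }
  authorize({ auth }) { return auth.user.hasRole('admin') }
}

class IsSelfPolicy {
  get name() { return 'self' }
  // Assumes the route carries the target user's id as params.id.
  authorize({ auth, params }) { return String(auth.user.id) === String(params.id) }
}

// Registry keyed by policy name; a Map lookup cannot hit prototype keys.
const POLICIES = new Map([new IsAdminPolicy(), new IsSelfPolicy()].map(p => [p.name, p]))

function deny(ctx, status) { ctx.status = status; return false }

class IsMiddleware {
  // properties holds the text after "is:", e.g. ['admin|self'].
  async handle(ctx, next, properties) {
    const names = String(properties[0] || '').split('|').map(s => s.trim())
    // Fail closed: a typo such as 'is:admn' is a config error, never a silent allow.
    for (const n of names) {
      if (!POLICIES.has(n)) throw new Error(`unknown policy "${n}"`)
    }
    // No authenticated user: deny before any policy touches auth.user.
    if (!ctx.auth || !ctx.auth.user) return deny(ctx, 401)
    for (const n of names) {
      // await so a policy returning a Promise is not treated as truthy.
      if (await POLICIES.get(n).authorize(ctx)) return next() // OR: first pass wins
    }
    return deny(ctx, 403)
  }
}

// Minimal runner standing in for the framework: chained entries are ANDed,
// because each one must call next() before the following one runs.
async function run(specs, ctx) {
  const mw = new IsMiddleware()
  const step = i => i === specs.length
    ? true
    : mw.handle(ctx, () => step(i + 1), [specs[i].replace(/^is:/, '')])
  return step(0)
}
```

`run(['is:admin|self'], ctx)` resolves to `true` when either policy passes, while `run(['is:admin', 'is:self'], ctx)` requires both.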