Your last update added functions to know if a user had permissions directly or through a role which was great..
But this doesn't work with the included middleware you have... It initially passes the 'canAnyPermission', but then runs the 'hasAnyPermission' and fails.
if ('canAnyPermission' in user && !(await user.canAnyPermission(...permissions))) {
throw E_PERMISSION_UNAUTHORIZED_ACCESS.forPermissions(permissions);
}
if (!(await user.hasAnyPermission(...permissions))) {
throw E_PERMISSION_UNAUTHORIZED_ACCESS.forPermissions(permissions);
}
return next();
should the canAnyPermission line return next() early,
or should the hasAnyPermission function only be called if the 'canAnyPermission function fails?
Your last update added functions to know if a user had permissions directly or through a role which was great..
But this doesn't work with the included middleware you have... It initially passes the 'canAnyPermission', but then runs the 'hasAnyPermission' and fails.
should the
canAnyPermissionline return next() early, or should thehasAnyPermissionfunction only be called if the 'canAnyPermissionfunction fails?Or is it simply not required anymore?