oaregithub / oare_mono


2. Periods Backend Middleware/Permissions #1474

Closed hbludworth closed 1 year ago

hbludworth commented 2 years ago

Now that the periods backend is working, there are two small changes we will want to make that both involve middleware. Particularly, we want to restrict access to this route to users with a certain Periods permission (which has yet to be created) and we want the route to be cached.

1. Permission

In order to restrict access to this route to a certain permission, we first need to create a new permission to handle Periods access. The "source of truth" for permissions is found in the PermissionsDao and is entirely dynamic. Creating a new permission there will make it appear on the frontend group permission selector and make it enforceable wherever permissions can be enforced.

Create a new permission named PERIOD with a type pages. Give it a meaningful description that mirrors those of other "pages" typed permissions. You will have to adjust the associated types so that it doesn't throw an error when creating this permission in the DAO object.

Once that permission has been created, simply add the permissionsRoute middleware to the GET /periods route that you created in the last issue so that access to the route can be restricted based on whether the requesting user has the PERIOD permission.

At this point, if you send a Postman request to this route without "logging in" with a token on the request, it should return a 401 Unauthorized error. If you send the same request "logged in" with a token for a user without the new permission, you should see a 403 Forbidden error. Likewise, if you send the request as yourself, you should see the PeriodResponse object returned successfully with a 200 HTTP status code.

2. Cache

We want to make sure that the period data is cached so that it loads quickly when users visit the page. This data will hardly ever change so caching it does not introduce any real problems.

To do so, simply add the cacheMiddleware function to the route. You do not need to apply a filter to this cache. Make sure that the cacheMiddleware is applied to the route AFTER the permissionsRoute so that no cached values leak through to non-authorized users. You also must add the cache.insert function to the inside of the route code as well, making sure that you send the returned value as the response (Look at other cache.insert calls for reference).

At this point, you should be able to send a Postman request to the route and get the normal results. Send it again, however, and you should get the results much, much faster if everything is working properly.
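An added illustration of the ordering requirement in step 2 (not code from oare_mono): minimal stand-ins for permissionsRoute, cacheMiddleware and cache.insert are run in both orders to show which one serves cached data to callers who should get 401 or 403. The signatures, the Map-backed cache, the dispatcher and the sample users are assumptions made for this sketch.

```javascript
// Added example: stand-ins for the middleware named in the issue, not oare_mono code.
// Signatures, the Map-backed cache and the sample users are assumptions.
const cache = {
  store: new Map(),
  insert(key, value) { this.store.set(key, value); return value; },
};

// 401 when there is no authenticated user, 403 when the permission is missing.
const permissionsRoute = (name) => (req, res, next) => {
  if (!req.user) return res.send(401, 'Unauthorized');
  if (!req.user.permissions.includes(name)) return res.send(403, 'Forbidden');
  next();
};

// Serve a stored response for this path if one exists; otherwise fall through.
const cacheMiddleware = (req, res, next) => {
  if (cache.store.has(req.path)) return res.send(200, cache.store.get(req.path));
  next();
};

// Route body: build the response, store it, and send the stored value.
const periodsHandler = (req, res) => {
  res.send(200, cache.insert(req.path, { periods: ['constructed sample'] }));
};

// Tiny dispatcher: runs middleware in order until one sends a response.
function dispatch(chain, user) {
  const req = { path: '/periods', user };
  const result = {};
  const res = { send(status, body) { result.status = status; result.body = body; } };
  let i = 0;
  const next = () => chain[i++](req, res, next);
  next();
  return result;
}

// Warm the cache as a permitted user, then replay as anonymous, unpermitted, permitted.
function statusesFor(chain) {
  cache.store.clear();
  const admin = { permissions: ['PERIOD'] };
  const noPerm = { permissions: [] };
  return [admin, undefined, noPerm, admin].map((u) => dispatch(chain, u).status);
}

const permissionFirst = [permissionsRoute('PERIOD'), cacheMiddleware, periodsHandler];
const cacheFirst = [cacheMiddleware, permissionsRoute('PERIOD'), periodsHandler];

console.log('permission first:', statusesFor(permissionFirst)); // [ 200, 401, 403, 200 ]
console.log('cache first:     ', statusesFor(cacheFirst));      // [ 200, 200, 200, 200 ]
```

A regression test that warms the cache as a permitted user and then repeats the request without a token, and with a token lacking PERIOD, catches a later reordering that the three Postman checks in step 1 would miss if they are only run against a cold cache.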