toymachiner62 / hapi-authorization

ACL plugin for hapijs
MIT License

Custom role being defined are not being validated #23

Closed ramandeepsinghmann closed 5 years ago

ramandeepsinghmann commented 7 years ago

As the README file describes, we can define our own custom roles with the following syntax.

```js
{
  register: require('hapi-authorization'),
  options: {
    roles: ['OWNER', 'MANAGER', 'EMPLOYEE'] // Can also reference a function which returns an array of roles
  }
}
```

Below is the validate function:

```js
var validate = function(username, password, callback) {
  // Perform authentication and callback with object that contains a role or an array of roles
  callback(null, true, {username: username, role: 'REPORTADMIN'});
}
```

Here I state that the user who is logged in has a role "REPORTADMIN", which is not defined while registering the plugin. And if a route is assigned the role "REPORTADMIN", the API passes the authorization check.

Below is the code showing how I assigned the role in the route.

```js
plugins: {
  'hapiAuthorization': { role: 'REPORTADMIN' },
  'hapi-swagger': { order: 0 }
}
```

What I believe is that if a role is not declared while registering, then it should not validate the authorization check. Or is there no need to define the roles while registering?
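The check the post asks about, as an added example that is not part of the original issue or the plugin's own code: an audit that flags routes referencing roles missing from the declared list, plus a wrapper that rejects credentials carrying an undeclared role. The route-table shape, `SAMPLE_ROUTES`, and the function names `routeRoles`, `findUndeclaredRouteRoles` and `strictValidate` are assumptions made for illustration.

```javascript
// Roles declared when registering the plugin (values taken from the issue).
const DECLARED_ROLES = ['OWNER', 'MANAGER', 'EMPLOYEE'];

// Constructed sample route table; the { method, path, settings.plugins } shape is an assumption.
const SAMPLE_ROUTES = [
  { method: 'get', path: '/reports', settings: { plugins: { hapiAuthorization: { role: 'REPORTADMIN' } } } },
  { method: 'get', path: '/staff', settings: { plugins: { hapiAuthorization: { roles: ['OWNER', 'MANAGER'] } } } },
  { method: 'get', path: '/health', settings: { plugins: {} } }
];

// Normalise the `role` (string) and `roles` (array) route options into one array.
function routeRoles(route) {
  const cfg = route.settings && route.settings.plugins && route.settings.plugins.hapiAuthorization;
  if (!cfg) return [];
  return [].concat(cfg.role || [], cfg.roles || []);
}

// Return one finding per route that references a role missing from the declared list.
function findUndeclaredRouteRoles(routes, declaredRoles) {
  const declared = new Set(declaredRoles);
  const findings = [];
  for (const route of routes) {
    const unknown = routeRoles(route).filter((r) => !declared.has(r));
    if (unknown.length > 0) {
      findings.push({ method: route.method, path: route.path, unknown });
    }
  }
  return findings;
}

// Wrap a validate function so credentials carrying an undeclared role are rejected.
function strictValidate(validate, declaredRoles) {
  const declared = new Set(declaredRoles);
  return function (username, password, callback) {
    validate(username, password, (err, isValid, credentials) => {
      if (err || !isValid) return callback(err, false, credentials);
      // `role` may be a single string or an array of roles.
      const roles = [].concat((credentials && credentials.role) || []);
      const ok = roles.length > 0 && roles.every((r) => declared.has(r));
      return callback(null, ok, ok ? credentials : undefined);
    });
  };
}
```

Running `findUndeclaredRouteRoles` over the route table at startup and failing on a non-empty result turns a role typo or an undeclared role into a deployment error instead of a silent policy gap.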

aquelatecnologia commented 5 years ago

Is this issue still open after so much time?