UNPKG

nodulator

Version:

Complete NodeJS Framework for Restfull APIs

github.com/Champii/Nodulator

Champii/Nodulator

24 lines (17 loc) 653 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
module.exports = # In this module are defined functions that check if the client has permissions # to access the aimed ressource class Permissions @ownedBy: (done) -> (req, res, next) -> # console.log 'ownedBy', req if req['resource']? and req[req['resource']]? obj = req[req['resource']] return res.status(403).send() if obj.user != req.user.id done req, res, next @objectBased: (obj) -> (done) -> (req, res, next) -> for key, val of obj return res.status(403).send() if not req.user[key]? or req.user[key] isnt val done req, res, next