Acl
Restrict calling a class method using an ACL. Arguments are declared in pairs of a check type and an options object. When multiple pairs are declared, the caller is permitted access if any one of the criteria passes. A script.accessDenied.acl Fault is thrown if all checks fail. To create an AND-style check, stack multiple @acl decorators.
class Secured {

  // allows any administrator or account holder with matching email addresses.
  // service account emails take the form `${serviceAccount.name}@${org.code}-iam.serviceaccount.medable.com`
  @acl(
    'role', consts.roles.Administrator,
    'account', ['[email protected]', 'sample@$env123-iam.serviceaccount.medable.com']
  )
  foo() {
  }

  // fails unless the first argument equals a particular value and the method caller is [email protected]
  @acl('assert', (principal, arg1) => arg1 === 'knock knock' && principal.email === '[email protected]')
  bar(arg1, arg2) {
  }

}
@acl( type, options, ... )
Arguments
type { String } The check type. One of (account, role, assert).
options { * } The options for the check, depending on type:
For account: { String[] | ObjectID[] } An account id or email list that's allowed access.
For role: { ObjectID[] } A role identifier list.
For assert: { Function } A function that takes the calling principal and the method's arguments and must return a "truthy" value to allow access (`function(principal, arg1, args, ...) { return true }`).
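The any-of versus stacked behaviour described at the top of this page can be checked with a small model. This is an added example in plain JavaScript, not Medable's code: it does not run in Cortex, and the wrapper form of acl, checkPair, allowed, the principal shape (email, roles, _id) and the sample ids are assumptions made for illustration.

```javascript
// Model only: NOT Medable's implementation. The principal shape, checkPair,
// allowed, and passing the principal as the first argument are assumptions.
const ACCESS_DENIED = 'script.accessDenied.acl' // fault code named on this page

// Evaluate one (type, options) pair against the caller.
function checkPair(type, options, principal, args) {
  const list = Array.isArray(options) ? options : [options]
  switch (type) {
    case 'role': return list.some(r => (principal.roles || []).includes(r))
    case 'account': return list.some(a => a === principal.email || a === principal._id)
    case 'assert': return Boolean(options(principal, ...args))
    default: throw new TypeError(`unknown acl check type: ${type}`) // fail closed
  }
}

// One acl(...) call models one decorator: access is granted if ANY pair passes.
function acl(...pairs) {
  if (pairs.length === 0 || pairs.length % 2) throw new TypeError('expected (type, options) pairs')
  return fn => function (principal, ...args) {
    for (let i = 0; i < pairs.length; i += 2) {
      if (checkPair(pairs[i], pairs[i + 1], principal, args)) return fn.call(this, principal, ...args)
    }
    throw Object.assign(new Error('access denied'), { code: ACCESS_DENIED })
  }
}

// Constructed sample data.
const ADMIN = 'role-admin'
const LISTED = 'alice@example.org'
const admin = { email: 'bob@example.org', roles: [ADMIN] }
const listed = { email: LISTED, roles: [] }
const listedAdmin = { email: LISTED, roles: [ADMIN] }
const handler = (principal, arg1) => `ok:${arg1}`

// One decorator with two pairs: Administrator OR listed account.
const either = acl('role', [ADMIN], 'account', [LISTED])(handler)
// Two stacked decorators: Administrator AND listed account.
const both = acl('role', [ADMIN])(acl('account', [LISTED])(handler))

// Returns true if the call is permitted, false on the access-denied fault.
function allowed(fn, principal, ...args) {
  try { fn(principal, ...args); return true } catch (e) {
    if (e.code === ACCESS_DENIED) return false
    throw e
  }
}

console.log(allowed(either, admin), allowed(either, listed), allowed(both, admin), allowed(both, listedAdmin))
```

Adding a pair to an existing @acl widens access; narrowing it requires a second, stacked decorator.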