Search…
Acl
Restrict calling a class method using an acl. Arguments are declared in pairs of a check type and an option object. When multiple pairs are declared, the caller is permitted access if passing any of the criteria. A script.accessDenied.acl Fault is thrown if all checks fail. To create an and style check, stack multiple @acl decorators.
1
class Secured {
2
3
// allows any administrator or account holder with matching email addresses.
4
// service account emails take the form `${serviceAccount.name}@${org.code}-iam.serviceaccount.medable.com`
5
@acl(
6
'role', consts.roles.Administrator,
7
'account', ['[email protected]', '[email protected]$env123-iam.serviceaccount.medable.com']
8
)
9
foo() {
10
}
11
12
// fails unless the first argument equals a particular value and the method caller is [email protected]
13
@acl('assert', (principal, arg1) => arg1 === 'knock knock' && principal.email === '[email protected]' )
14
bar(arg1, arg2) {
15
}
16
17
}
Copied!

@acl( type, options, ... )

Arguments
  • type { String } Options object. One of (account, role, assert).
  • options { * }
    • For account { String[] | ObjectID[] } An account id or email list that's allowed access.
    • For role { ObjectID[] } A role identifier list.
    • For assert { Function } A function that takes the calling principal and the methods arguments and must return
      a "truey" value to allow access. (`function(principal, arg1, args, ...) { return true })
Last modified 2mo ago