Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- var mustBe = require("mustbe");
- mustBe.configure(function(config){
- // core configuration
- // ------------------
- config.getUser(function(req, cb){
- cb(null, req.user);
- });
- config.isAuthenticated(function(user, cb){
- cb(null, !!user);
- });
- // what do we do when the user is not authenticated?
- config.notAuthenticated(function(req, res){
- res.redirect("/login?msg=you are not logged in");
- });
- // what do we do when the user is not authorized?
- config.notAuthorized(function(req, res){
- res.redirect("/login?msg=you are not authorized");
- });
- // activitiy configuration
- // -----------------------
- config.activities(function(activities){
- // 1) check if explicitly denied
- // 2) if not explicitly denied, then check explicit allowance
- // 3) if not explicitly allowed, then check authorization
- // explicitly deny anonymous users
- activities.deny(function(user, activity){
- var isAnonymous = (!!user);
- return isAnonymous;
- });
- // explicitly allow admin users
- activities.allow(function(user, activity){
- var isAdmin = (_.indexOf(user.roles, "admin") >= 0);
- return isAdmin;
- });
- // configure an activity with an authorization check
- activities.can("view thing", authorizeViewThing);
- activities.can("edit thing", authorizeEditThing);
- });
- // an authorization check
- function authorizeEditThing(user, params, cb){
- var id = params["id"];
- // do some check to see if the user can
- // edit the thing in question
- user.someThing(id, function(err, thing){
- var hasThing = !!thing;
- cb(err, hasThing);
- });
- }
- // an authorization check
- function authorizeViewThing(user, params, cb){
- var id = params["id"];
- // do some check to see if the user can
- // view the thing in question
- user.anotherThing(id, function(err, thing){
- var hasThing = !!thing;
- cb(err, hasThing);
- });
- }
- // route -> activity map
- // ---------------------
- config.routes(function(routes){
- routes.map({
- // the activity to authorize
- activity: "view thing",
- // map a request parameters to the params
- // that get passed in to the activity
- // authorization function
- getParams: function(req){
- return {
- id: req["id"]
- }
- }
- });
- routes.map({
- activity: "edit thing",
- getParams: function(req){
- return {
- id: req["id"]
- }
- }
- });
- });
- });
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement