Commit c4f71ba9 authored by Jarrod's avatar Jarrod 💬

Add auth check

parent d1128965
......@@ -2,19 +2,23 @@ module.exports = function (req, res, next) {
const logLevel = 'debug'
sails.log[logLevel]('Checking permission for ' + req.method + ' ' + req.path);
sails.log.warn('Skipping permissions check!')
return next()
let routeConfig = sails.config.routes[ req.method + ' ' + req.path ];
let permission = routeConfig ? routeConfig.permission : null;
if ((routeConfig.auth || permission) && !req.me) {
sails.log[logLevel](' ❌ User is not authenticated - bailing on request');
return res.unauthorized();
}
if (!permission) {
sails.log[logLevel](' ✓ No special permissions require for route');
sails.log[logLevel](' ✓ No special permissions required for route');
return next();
}
sails.log[logLevel](' - Permission is required: ', permission);
if (!req.me) {
sails.log[logLevel](' ❌ User is not authenticated - bailing on request');
return res.unauthorized();
}
if (req.me && User.hasPermission(req.me, User.PERMISSIONS[permission])) {
sails.log[logLevel](' ✓ User has required permission ' + permission);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment