Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
]);
currentUser = {[securityId]: user.id, name: user.name, email: user.email};
} else {
return AuthorizationDecision.DENY;
}
// A workaround to bypass the authorizer priority
// class level authorizer should have higher priority than the instance level one
// which means the DENY returned in this function will be ignored when the global authorizer
// says ALLOW
if (currentUser && currentUser.name === 'customer_service')
return AuthorizationDecision.ALLOW;
const userId = authorizationCtx.invocationContext.args[0];
return userId === currentUser[securityId]
? AuthorizationDecision.ALLOW
: AuthorizationDecision.DENY;
}
async authorize(
authorizationCtx: AuthorizationContext,
metadata: AuthorizationMetadata,
) {
const request: AuthorizationRequest = {
subject: authorizationCtx.principals[0].name,
object: metadata.resource ?? authorizationCtx.resource,
action: (metadata.scopes && metadata.scopes[0]) || 'execute',
};
const allow = await this.enforcer.enforce(
request.subject,
request.object,
request.action,
);
if (allow) return AuthorizationDecision.ALLOW;
else if (allow === false) return AuthorizationDecision.DENY;
return AuthorizationDecision.ABSTAIN;
}
}