How to use the @loopback/authorization.AuthorizationDecision.ALLOW function in @loopback/authorization

To help you get started, we’ve selected a few @loopback/authorization examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github strongloop / loopback4-example-shopping / packages / shopping / src / services / id.compare.authorizor.ts View on Github external
]);
    currentUser = {[securityId]: user.id, name: user.name, email: user.email};
  } else {
    return AuthorizationDecision.DENY;
  }

  // A workaround to bypass the authorizer priority
  // class level authorizer should have higher priority than the instance level one
  // which means the DENY returned in this function will be ignored when the global authorizer
  // says ALLOW
  if (currentUser && currentUser.name === 'customer_service')
    return AuthorizationDecision.ALLOW;

  const userId = authorizationCtx.invocationContext.args[0];
  return userId === currentUser[securityId]
    ? AuthorizationDecision.ALLOW
    : AuthorizationDecision.DENY;
}
github strongloop / loopback4-example-shopping / packages / shopping / src / services / authorizor.ts View on Github external
async authorize(
    authorizationCtx: AuthorizationContext,
    metadata: AuthorizationMetadata,
  ) {
    const request: AuthorizationRequest = {
      subject: authorizationCtx.principals[0].name,
      object: metadata.resource ?? authorizationCtx.resource,
      action: (metadata.scopes && metadata.scopes[0]) || 'execute',
    };

    const allow = await this.enforcer.enforce(
      request.subject,
      request.object,
      request.action,
    );
    if (allow) return AuthorizationDecision.ALLOW;
    else if (allow === false) return AuthorizationDecision.DENY;
    return AuthorizationDecision.ABSTAIN;
  }
}