4
This commit is contained in:
parent
3774101713
commit
7b36c0592f
3 changed files with 15 additions and 13 deletions
|
@ -1,5 +1,5 @@
|
||||||
# security
|
# security
|
||||||
[![version 0.0.0-alpha+3](https://img.shields.io/badge/pub-v0.0.0--alpha+3-red.svg)](https://pub.dartlang.org/packages/angel_security)
|
[![version 0.0.0-alpha+4](https://img.shields.io/badge/pub-v0.0.0--alpha+4-red.svg)](https://pub.dartlang.org/packages/angel_security)
|
||||||
[![build status](https://travis-ci.org/angel-dart/security.svg)](https://travis-ci.org/angel-dart/security)
|
[![build status](https://travis-ci.org/angel-dart/security.svg)](https://travis-ci.org/angel-dart/security)
|
||||||
|
|
||||||
Angel middleware designed to enhance application security by patching common Web security
|
Angel middleware designed to enhance application security by patching common Web security
|
||||||
|
|
|
@ -13,20 +13,22 @@ class Permission {
|
||||||
HookedServiceEventListener toHook(
|
HookedServiceEventListener toHook(
|
||||||
{String message, String userKey, getRoles(user)}) {
|
{String message, String userKey, getRoles(user)}) {
|
||||||
return (HookedServiceEvent e) async {
|
return (HookedServiceEvent e) async {
|
||||||
var user = e.request.grab(userKey ?? 'user');
|
if (e.params.containsKey('provider')) {
|
||||||
|
var user = e.request.grab(userKey ?? 'user');
|
||||||
|
|
||||||
if (user == null)
|
if (user == null)
|
||||||
throw new AngelHttpException.forbidden(
|
throw new AngelHttpException.forbidden(
|
||||||
message: message ??
|
message: message ??
|
||||||
'You have insufficient permissions to perform this action.');
|
'You have insufficient permissions to perform this action.');
|
||||||
|
|
||||||
var roleFinder = getRoles ?? (user) async => user.roles ?? [];
|
var roleFinder = getRoles ?? (user) async => user.roles ?? [];
|
||||||
List<String> roles = (await roleFinder(user)).toList();
|
List<String> roles = (await roleFinder(user)).toList();
|
||||||
|
|
||||||
if (!roles.any(verify))
|
if (!roles.any(verify))
|
||||||
throw new AngelHttpException.forbidden(
|
throw new AngelHttpException.forbidden(
|
||||||
message: message ??
|
message: message ??
|
||||||
'You have insufficient permissions to perform this action.');
|
'You have insufficient permissions to perform this action.');
|
||||||
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
name: angel_security
|
name: angel_security
|
||||||
version: 0.0.0-alpha+3
|
version: 0.0.0-alpha+4
|
||||||
description: Angel middleware designed to enhance application security by patching common Web security holes.
|
description: Angel middleware designed to enhance application security by patching common Web security holes.
|
||||||
author: Tobe O <thosakwe@gmail.com>
|
author: Tobe O <thosakwe@gmail.com>
|
||||||
environment:
|
environment:
|
||||||
|
|
Loading…
Reference in a new issue