This commit is contained in:
thosakwe 2017-01-20 22:39:39 -05:00
parent 3774101713
commit 7b36c0592f
3 changed files with 15 additions and 13 deletions

View file

@ -1,5 +1,5 @@
# security
[![version 0.0.0-alpha+3](https://img.shields.io/badge/pub-v0.0.0--alpha+3-red.svg)](https://pub.dartlang.org/packages/angel_security)
[![version 0.0.0-alpha+4](https://img.shields.io/badge/pub-v0.0.0--alpha+4-red.svg)](https://pub.dartlang.org/packages/angel_security)
[![build status](https://travis-ci.org/angel-dart/security.svg)](https://travis-ci.org/angel-dart/security)
Angel middleware designed to enhance application security by patching common Web security

View file

@ -13,20 +13,22 @@ class Permission {
HookedServiceEventListener toHook(
{String message, String userKey, getRoles(user)}) {
return (HookedServiceEvent e) async {
var user = e.request.grab(userKey ?? 'user');
if (e.params.containsKey('provider')) {
var user = e.request.grab(userKey ?? 'user');
if (user == null)
throw new AngelHttpException.forbidden(
message: message ??
'You have insufficient permissions to perform this action.');
if (user == null)
throw new AngelHttpException.forbidden(
message: message ??
'You have insufficient permissions to perform this action.');
var roleFinder = getRoles ?? (user) async => user.roles ?? [];
List<String> roles = (await roleFinder(user)).toList();
var roleFinder = getRoles ?? (user) async => user.roles ?? [];
List<String> roles = (await roleFinder(user)).toList();
if (!roles.any(verify))
throw new AngelHttpException.forbidden(
message: message ??
'You have insufficient permissions to perform this action.');
if (!roles.any(verify))
throw new AngelHttpException.forbidden(
message: message ??
'You have insufficient permissions to perform this action.');
}
};
}

View file

@ -1,5 +1,5 @@
name: angel_security
version: 0.0.0-alpha+3
version: 0.0.0-alpha+4
description: Angel middleware designed to enhance application security by patching common Web security holes.
author: Tobe O <thosakwe@gmail.com>
environment: