Untuk menentukan role dari user, misalnya apakah di administrator, staff, member, dll
class Rbac {
async handle ({ request, auth }, next, rule) {
const roles = rule
if (roles.length == 0) {
await next()
} else {
try {
const user = await auth.current.user
const role = user.role
if(roles.includes(role)){
await next()
} else {
throw new Error(`Only user with role: ${roles} can access the route`)
}
} catch (e) {
console.log(e)
throw new Error(`Only user with role: ${roles} can access the route`)
}
}
}
}
module.exports = Rbac
const namedMiddleware = {
auth: 'Adonis/Middleware/Auth',
guest: 'Adonis/Middleware/AllowGuestOnly',
rbac: 'App/Middleware/Rbac' // <= ini
}
// route khusus administrator
Route.group(() => {
Route.resource('manage-user', 'UserController').apiOnly()
// route lain
}).prefix('api/v1').middleware(['auth:jwt', 'rbac:administrator'])
// route khusus untuk member
Route.group(() => {
Route.resource('membership', 'MemberController').apiOnly()
// route lain
}).prefix('api/v1').middleware(['auth:jwt', 'rbac:member'])
// route untuk administartor dan member
Route.group(() => {
Route.post('/profile', 'ProfileController.update')
}).prefix('api/v1').middleware(['auth:jwt', 'rbac:administrator,member'])
hasRole(roles){
const role = this.role
return roles.includes(role)
}
sehingga bisa dipakai di controller misalnya
async check ({ request, auth, response }) {
const user = await auth.current.user
if (user.hasRole(['administrator'])){
// aksi untuk administrator saja
}
}
Iya sih benar om.. aku ganti jadi