@ssebro
Created March 26, 2015 17:40
extended_dsl+auth_as_default_middleware.js
'use strict';
var Joi = require('joi');
//##OPTION B: authorization as default middleware
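/**
 * Registers the `category` resource on the given app and chains validation,
 * authorization, route middleware and swagger overrides onto it
 * (option B of this DSL sketch: authorization as default middleware).
 *
 * @param {Object} harvestApp - app object exposing the chainable DSL used below
 *   (`resource`, `validate`, `authorize`, `addMiddleware`, `swagger`).
 * @param {Object} mustbeConfig - not read anywhere in this function.
 */
module.exports = function (harvestApp, mustbeConfig) {
  const customJoiValidationSchema = {
    query: {
      myAwesomeParam: Joi.string().required().description('My awesome parameter'),
    },
  };

  harvestApp
    .resource('category', {
      name: Joi.string().required().description('a name'),
      links: {
        foo: 'foo',
      },
    })
    // .validate() only needed when you want to override/augment defaults
    .validate({ post: customJoiValidationSchema })
    // .authorize() sets up activities (if not yet created), AND authorization requirements.
    // Only the four routes listed here get a requirement in this snippet.
    .authorize({
      get: 'category.get',
      getById: 'category.get',
      getChangeEventsStreaming: 'category.get',
      delete: { activity: 'category.mutate', promise: authorizeCategoryMutate },
    })
    // .addMiddleware() adds express middleware to a specific route.
    .addMiddleware({
      delete: [beforeDelete],
    })
    // .swagger() only needed when you want to override/augment standard swagger spec
    .swagger({ get: { summary: 'all the lovely categories by id' } });

  /**
   * Authorization hook for the `category.mutate` activity on delete.
   *
   * @param {*} identity - caller identity supplied by the authorization layer.
   * @param {*} params - request parameters supplied by the authorization layer.
   * @returns {Promise<boolean>} resolves with the authorization decision.
   */
  function authorizeCategoryMutate(identity, params) {
    // Check identity to see if allowed to mutate.
    // Fail closed until that check is written: a stub that resolves `true`
    // would authorize every delete if this file were used as is.
    // NOTE(review): presumably `true` grants and `false` denies - confirm
    // against the authorize() contract.
    return Promise.resolve(false);
  }

  /**
   * Express middleware for the delete route: refuses to delete the category
   * named 'untouchable'.
   *
   * @param {Object} req - express request; `req.body.categories[0].name` is read.
   * @param {Object} res - express response (unused).
   * @param {Function} next - express continuation; receives an error on refusal.
   */
  function beforeDelete(req, res, next) {
    // NOTE(review): `harvester` is not declared in the visible file (only
    // `Joi` is required) - presumably the harvester module; confirm it is in scope.
    // NOTE(review): the name checked here comes from the client-supplied body,
    // so it only protects the category when the caller sends that name;
    // checking the stored record for the id being deleted would be stronger.
    const categories = req.body ? req.body.categories : undefined;
    const category = Array.isArray(categories) ? categories[0] : undefined;

    if (!category) {
      // A missing or malformed body is refused explicitly instead of raising
      // a TypeError on the property access, and instead of skipping the guard.
      next(new harvester.JSONAPI_Err({ status: 400, detail: 'missing category in request body' }));
      return;
    }

    if (category.name === 'untouchable') {
      next(new harvester.JSONAPI_Err({ status: 400, detail: 'untouchable category' }));
      return;
    }

    next();
  }
};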