
@ssebro
Created March 26, 2015 17:38
extended_dsl+auth_as_add-on_middleware.js
'use strict';
var Joi = require('joi');
//##OPTION A: authorization as add-on middleware
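/**
 * Design sketch for "option A": authorization attached to a harvester
 * resource as ordinary add-on middleware.
 *
 * Registers the `category` resource, declares two mustbe activities
 * (`category.get`, `category.mutate`) and wires the resulting authorization
 * middleware onto individual routes.
 *
 * NOTE(review): `mustbe`, `permission` and `harvester` are used below but are
 * neither required in this file nor passed in; they have to be brought into
 * scope before this module can run.
 *
 * @param {Object} harvestApp - harvester application exposing `.resource()`.
 * @param {Object} mustbeConfig - mustbe configuration object exposing `.activities()`.
 */
module.exports = function (harvestApp, mustbeConfig) {
  var categoryResource = harvestApp.resource('category', {
    name: Joi.string().required().description('a name'),
    links: {
      foo: 'foo'
    }
  });

  mustbeConfig.activities(function (activities) {
    activities.can("category.get", permission('category.get'));
    activities.can("category.mutate", function (identity, params, cb) {
      // do some logic
      // NOTE(review): this placeholder answers `true` for every identity, so
      // `category.mutate` is granted to any caller that reaches it. Replace it
      // with a real decision based on `identity` before relying on it.
      cb(null, true);
    });
  });

  var authorizeCategoryGet = mustbe.authorized("category.get");
  var authorizeCategoryMutate = mustbe.authorized("category.mutate");
  var customJoiValidationSchema = {
    query: {
      myAwesomeParam: Joi.string().required().description('My awesome parameter')
    }
  };

  /**
   * Rejects deletion of the category named 'untouchable'.
   *
   * NOTE(review): the name is read from the request body, which the client
   * controls; a caller can omit or alter it. A guard that must hold should
   * check the stored category addressed by the request instead.
   */
  function beforeDelete(req, res, next) {
    // Fail closed with a 400 when the payload has no first category, instead
    // of letting the property access below throw a TypeError.
    var categories = req.body == null ? undefined : req.body.categories;
    var firstCategory = categories == null ? undefined : categories[0];
    if (firstCategory == null) {
      next(new harvester.JSONAPI_Err({status: 400, detail: 'malformed category payload'}));
      return;
    }

    if ('untouchable' === firstCategory.name) {
      next(new harvester.JSONAPI_Err({status: 400, detail: 'untouchable category'}));
    } else {
      next();
    }
  }

  categoryResource
    // .validate() only needed when you want to override/augment defaults.
    // Fixed: the original passed the undefined name `customJoiSchema`.
    .validate({post: customJoiValidationSchema})
    // NOTE(review): only `delete` is gated by `category.mutate`. Other mutating
    // routes (`post` exists, per the .validate() call above) receive no
    // authorization middleware here; confirm that is intended.
    .addMiddleware({
      get: [authorizeCategoryGet],
      getById: [authorizeCategoryGet],
      getChangeEventsStreaming: [authorizeCategoryGet],
      // Authorization runs before the business-rule check.
      delete: [authorizeCategoryMutate, beforeDelete]
    })
    // .swagger() only needed when you want to override standard swagger spec
    .swagger({get: {summary: 'all the lovely categories by id'}});
};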