totaljs/modules

How to control access in authorization

Opened this issue · 6 comments

Hi.
How can I prevent the common user from visiting some pages like admin panel?
I did that with controller.cancel() and controller.throw403() in framework event "controller", but it always throw a framework error to console when a request without permission is passing.

Thx.

It seems like the framework is still doing something after throw403, then it went wrong.

Hi @andylokandy,

How can I prevent the common user from visiting some pages like admin panel?
You can use roles.

... throw a framework error to console ...
Can you describe me the error?

Thanks

Here is the error:

[2015-01-18 09:09:55.747] [INFO] console - inputmark/exam ---> TypeError: Cannot read property 'onExecute' of null ([object Object]) TypeError: Cannot read property 'onExecute' of null
at Subscribe.doExecute (C:\temp\ATproject\node_modules\total.js\index.js:4:4210)
at Subscribe.execute (C:\temp\ATproject\node_modules\total.js\index.js:4:2949)
at Subscribe.doAuthorization (C:\temp\ATproject\node_modules\total.js\index.js:4:5048)
at C:\temp\ATproject\node_modules\total.js\index.js:4:3652
at Promise. (C:\temp\ATproject\definitions\authorization.js:13:10)
at Promise. (C:\temp\ATproject\node_modules\mongoose\node_modules\mpromise\lib\promise.js:177:8)
at Promise.emit (events.js:95:17)
at Promise.emit (C:\temp\ATproject\node_modules\mongoose\node_modules\mpromise\lib\promise.js:84:38)
at Promise.fulfill (C:\temp\ATproject\node_modules\mongoose\node_modules\mpromise\lib\promise.js:97:20)
at C:\temp\ATproject\node_modules\mongoose\lib\query.js:1394:13

It occurred in the protected controller when it have been canceled.

I know role but i didn't find any document about it.
Can you to tell me how it works?

Role works great.
Thank you.