How to control access in authorization
Opened this issue · 6 comments
Hi.
How can I prevent the common user from visiting some pages like admin panel?
I did that with controller.cancel() and controller.throw403() in framework event "controller", but it always throw a framework error to console when a request without permission is passing.
Thx.
It seems like the framework is still doing something after throw403, then it went wrong.
Hi @andylokandy,
How can I prevent the common user from visiting some pages like admin panel?
You can use roles.
... throw a framework error to console ...
Can you describe me the error?
Thanks
Here is the error:
[2015-01-18 09:09:55.747] [INFO] console - inputmark/exam ---> TypeError: Cannot read property 'onExecute' of null ([object Object]) TypeError: Cannot read property 'onExecute' of null
at Subscribe.doExecute (C:\temp\ATproject\node_modules\total.js\index.js:4:4210)
at Subscribe.execute (C:\temp\ATproject\node_modules\total.js\index.js:4:2949)
at Subscribe.doAuthorization (C:\temp\ATproject\node_modules\total.js\index.js:4:5048)
at C:\temp\ATproject\node_modules\total.js\index.js:4:3652
at Promise. (C:\temp\ATproject\definitions\authorization.js:13:10)
at Promise. (C:\temp\ATproject\node_modules\mongoose\node_modules\mpromise\lib\promise.js:177:8)
at Promise.emit (events.js:95:17)
at Promise.emit (C:\temp\ATproject\node_modules\mongoose\node_modules\mpromise\lib\promise.js:84:38)
at Promise.fulfill (C:\temp\ATproject\node_modules\mongoose\node_modules\mpromise\lib\promise.js:97:20)
at C:\temp\ATproject\node_modules\mongoose\lib\query.js:1394:13
It occurred in the protected controller when it have been canceled.
I know role but i didn't find any document about it.
Can you to tell me how it works?
I know, role is only http flag.
You can describe to role flag in authorization.
https://github.com/totaljs/examples/blob/master/routing-flags-roles/definitions/authorization.js
Documentation;
http://docs.totaljs.com/v1.7.x/en.html#api~HttpRouteOptionsFlags~%40role
Role works great.
Thank you.