Property Permissions

Boolean - default true

Activating this feature enables the utilization of property-based permissions. This allows you to control the visibility of a response property based on the user's permissions. Let's have an example, shall we?

Let's say we have the following class as our response

import { OnlyWithPermissions, ExcludePermissions } from '@tradinos/cms-backend-authorization';

class Pokemon {
  name: string;
  type: string;

  @OnlyWithPermissions('master')
  IV: string;

  @ExcludePermissions('blocked')
  level: string;
}

@Controller()
export class PokemonController {
  @Get()
  listPokemons(): Pokemon {
    /** Some code here */
  }
}

in the previous example the list Pokemons endpoint will return different responses depending on the user accessing it permissions.

Assuming the user has a master permission the response will be

[
  {
    name: 'Pikachu',
    type: 'Electric',
    IV: '31/31/31/31/31/31',
    level: 50,
  },
];

And for the users with blocked permission

[
  {
    name: 'Pikachu',
    type: 'Electric',
  },
];

And finally for the users with neither blocked nor master permission

[
  {
    name: 'Pikachu',
    type: 'Electric',
    level: 50
  },
];

PreviousGlobal Authorization NextSwagger

Last updated 1 year ago