Specify Permissions for Operations

In order to use authorization functionality, you need to specify the permission needed for each operation, this can be done by using SetPermission decorator. Ok, let's take an example.

import { Controller, Get } from '@nestjs/common';
import { SetPermission } from '@tradinos/cms-backend-authorization';

@Controller()
export class PokemonController {
  @Get()
  @SetPermission("master")
  listPokemons(): Pokemon {
    /** Some code here */
  }
}

After using the SetPermission, the endpoint list Pokemons endpoint will be reserved for the users with master permission only.

When can I use it?

The decorator can be used on either a full controller or a single method. So you can either write

import { Controller, Get } from '@nestjs/common';
import { SetPermission } from '@tradinos/cms-backend-authorization';

@Controller()
export class PokemonController {
  @Get()
  @SetPermission("master")
  listPokemons(): Pokemon {
    /** Some code here */
  }
}

In this case, only the list Pokemons endpoint will be reserved for master permission, or:

import { Controller, Get } from '@nestjs/common';
import { SetPermission } from '@tradinos/cms-backend-authorization';

@Controller()
@SetPermission("master")
export class PokemonController {
  @Get()
  listPokemons(): Pokemon {
    /** Some code here */
  }
}

This way all the endpoints within the Pokemon Controller will be reserved for the master permission.

Note: if the decorator is used on both a method and a controller, the guard will only consider the permissions of the methods and ignore the Controller's one.

PreviousHow to Enable Authorization Guard NextOverview

Last updated 12 months ago

hashtagWhen can I use it?

When can I use it?