0.3.0 adds support for applying authorization middleware only if
certain condition is met. In the past, we could only do
[code]
server.get("/api/user/:user",getAndSendUserData);
server.get("/api/user/:user/
private",cansec.restrictToRoles("admin"),getAndSendUserData);
[/code]
Now we can do
[code]
server.get("/api/
user/:user",cansec.ifParameter("private","true").restrictToRoles("admin"),getAndSendUserData);
[/code]
If ?private=true is passed, then you will need to be admin to proceed;
if not, then authorization is not necessary. getAndSendUserData
decides if it sends public or private data based on the existence of ?
private=true.
Will cross-post to expressjs...
https://github.com/deitch/cansecurity
and of course in npm
npm install cansecurity
Feedback always welcome and appreciated.
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
