WayrApp Backend & Ecosystem Documentation - v1.0.0

    Function requirePermission

    • Permission-Based Authorization Middleware Factory

      Creates middleware that enforces granular permission-based access control by checking that the authenticated user's role grants the required permission. This is finer-grained than a plain role check: a route can require one specific action rather than membership in a whole role.

      The middleware looks up the user's role in the PERMISSIONS mapping and passes the request on only if that role includes the requested permission. It must run after authenticateToken, which populates the user on the request: without an authenticated user it responds with 401, and with a role that lacks the permission it responds with 403. The check is purely role-to-permission. A permission such as update:own_progress does not by itself verify that the targeted record belongs to the caller, so ownership must still be enforced in the handler.

      This middleware is ideal where different operations on the same resource need different access levels, such as separating read and write permissions or gating a specific feature within a role.

      Parameters

      • permission:
            | "read:courses"
            | "read:own_progress"
            | "update:own_progress"
            | "update:own_profile"
            | "create:content"
            | "update:content"
            | "read:analytics"
            | "delete:content"
            | "manage:users"
            | "read:all_progress"

        Specific permission required to access the endpoint

      Returns (req: Request, _res: Response, next: NextFunction) => void

      Express middleware function that validates user permissions

      UNAUTHORIZED (401) - When the user is not authenticated (no user on the request)

      FORBIDDEN (403) - When the user's role does not include the required permission
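      The following is an added reference implementation of a factory with the shape documented above; it is example code, not WayrApp's own middleware. The permission strings are the ones listed under Parameters, but the role names and the contents of the PERMISSIONS mapping are assumptions, as is the convention of surfacing the 401/403 outcome by passing an error object to next(). Express types are replaced by minimal local stand-ins so the example runs without express installed. The one detail worth copying is the fail-closed lookup: an unknown role, or a role string that only exists on Object.prototype (such as "constructor"), must grant nothing rather than throw.

```typescript
// Added example: a requirePermission factory in the shape the page documents.
// Not the project's code. Role names and PERMISSIONS contents are assumptions.

type Permission =
  | 'read:courses'
  | 'read:own_progress'
  | 'update:own_progress'
  | 'update:own_profile'
  | 'create:content'
  | 'update:content'
  | 'read:analytics'
  | 'delete:content'
  | 'manage:users'
  | 'read:all_progress';

// Assumed role hierarchy: each role lists exactly the permissions it is granted.
const PERMISSIONS: Readonly<Record<string, readonly Permission[]>> = {
  student: ['read:courses', 'read:own_progress', 'update:own_progress', 'update:own_profile'],
  content_creator: [
    'read:courses', 'read:own_progress', 'update:own_progress', 'update:own_profile',
    'create:content', 'update:content', 'read:analytics',
  ],
  admin: [
    'read:courses', 'read:own_progress', 'update:own_progress', 'update:own_profile',
    'create:content', 'update:content', 'read:analytics',
    'delete:content', 'manage:users', 'read:all_progress',
  ],
};

// Minimal stand-ins for the Express types so the example is self-contained.
interface Request { user?: { id: string; role: string } }
interface Response {}
type NextFunction = (err?: unknown) => void;

// Error object handed to next(); an error-handling middleware would map status to the response.
class HttpError extends Error {
  readonly status: number;
  readonly code: string;
  constructor(status: number, code: string, message: string) {
    super(message);
    this.status = status;
    this.code = code;
  }
}

function isHttpError(err: unknown): err is HttpError {
  return typeof err === 'object' && err !== null && typeof (err as HttpError).status === 'number';
}

// Fail closed: hasOwnProperty stops a role such as "constructor" from resolving to
// an inherited Object.prototype member, which a bare PERMISSIONS[role] lookup would do.
export function roleHasPermission(role: string, permission: Permission): boolean {
  if (!Object.prototype.hasOwnProperty.call(PERMISSIONS, role)) return false;
  const granted = PERMISSIONS[role];
  return granted !== undefined && granted.includes(permission);
}

export function requirePermission(permission: Permission) {
  return (req: Request, _res: Response, next: NextFunction): void => {
    // authenticateToken is expected to have set req.user; otherwise 401.
    if (!req.user) {
      next(new HttpError(401, 'UNAUTHORIZED', 'Authentication required'));
      return;
    }
    // Role lacks the permission: 403.
    if (!roleHasPermission(req.user.role, permission)) {
      next(new HttpError(403, 'FORBIDDEN', `Missing permission: ${permission}`));
      return;
    }
    next();
  };
}

// Helper for exercising the middleware: the status it produces, 200 meaning "passed through".
export function authorize(permission: Permission, req: Request): number {
  let status = 200;
  requirePermission(permission)(req, {}, (err) => {
    if (isHttpError(err)) status = err.status;
    else if (err) status = 500;
  });
  return status;
}
```

      In a real router the error handed to next() is turned into the 401 or 403 response by the application's error-handling middleware; the authorize helper exists only to make the outcome observable in a test.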

      import { Router } from 'express';
      // authenticateToken, requirePermission and the controllers are imported
      // from the project's own modules; their import paths are omitted here.

      const router = Router();

      // Require specific permission for content creation
      router.post('/content',
        authenticateToken,
        requirePermission('create:content'),
        contentController.create
      );

      // Separate read and write permissions
      router.get('/analytics',
        authenticateToken,
        requirePermission('read:analytics'),
        analyticsController.getAnalytics
      );

      // User management requires specific permission
      router.post('/users',
        authenticateToken,
        requirePermission('manage:users'),
        userController.createUser
      );

      // Fine-grained content permissions: deleting is gated separately from creating
      router.delete('/content/:id',
        authenticateToken,
        requirePermission('delete:content'),
        contentController.deleteContent
      );