O'Reilly logo

Hands-On Full Stack Web Development with Aurelia by Erikson Haziz Murrugarra Sifuentes, Diego Jose Arguelles Rojas

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Validate permissions

Permissions allow us to limit the access to a group of resources. You should be aware that authentication is not enough if we want to secure our backend APIs. To implement permissions, open the admin-api.js file and apply the following changes:

...const auth =require('express-jwt')const guard = require('express-jwt-permissions')()const updateScore = async (matchId, teamId) => {  ...}api  .route('/admin/match/:id?')  .post(auth({ secret: 's3cret'}),    guard.check('admin:create:match'),    (req, res, next) => {      ...      })...

First, we start by initializing a guard constant. Secondly, we call guard.check; this function will look for the admin:create:match permission in the JWT. Remember that these permissions have to be present in ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required