How to use the @loopback/authorization.AuthorizationDecision.DENY function in @loopback/authorization



github strongloop/loopback4-example-shopping — packages/shopping/src/services/id.compare.authorizor.ts
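/**
 * Instance-level authorizer: allows the call only when the id passed as the
 * first invocation argument matches the id of the authenticated principal.
 *
 * @param authorizationCtx - Carries the authenticated principals and the
 *   invocation context whose `args[0]` is compared against the principal id.
 * @param metadata - Authorization metadata of the decorated method (not read
 *   here; kept for the authorizer signature).
 * @returns `DENY` when no principal is present or either id is missing,
 *   `ALLOW` when the principal is named `customer_service` or the ids match,
 *   `DENY` otherwise.
 */
export async function compareId(
  authorizationCtx: AuthorizationContext,
  metadata: MyAuthorizationMetadata,
): Promise<AuthorizationDecision> {
  // No authenticated principal: nothing to compare against, so deny.
  const principal = authorizationCtx.principals[0];
  if (principal === undefined) {
    return AuthorizationDecision.DENY;
  }

  // Only the three attributes used below are copied onto the profile.
  const currentUser: UserProfile = {
    [securityId]: principal.id,
    name: principal.name,
    email: principal.email,
  };

  // A workaround to bypass the authorizer priority:
  // the class-level authorizer should have higher priority than the
  // instance-level one, which means the DENY returned from this function
  // will be ignored when the global authorizer says ALLOW.
  // NOTE(review): this uses the principal's `name` as a role marker; any
  // principal whose name is 'customer_service' is allowed. Confirm how
  // `name` is populated, or prefer a dedicated role attribute.
  if (currentUser.name === 'customer_service') {
    return AuthorizationDecision.ALLOW;
  }

  // Deny explicitly when either side of the comparison is absent; otherwise
  // a missing route argument and a principal without an id would compare
  // equal (undefined === undefined) and be allowed.
  const userId = authorizationCtx.invocationContext.args[0];
  const principalId = currentUser[securityId];
  if (userId == null || principalId == null) {
    return AuthorizationDecision.DENY;
  }

  return userId === principalId
    ? AuthorizationDecision.ALLOW
    : AuthorizationDecision.DENY;
}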
github strongloop/loopback4-example-shopping — packages/shopping/src/services/authorizor.ts
authorizationCtx: AuthorizationContext,
    metadata: AuthorizationMetadata,
  ) {
    const request: AuthorizationRequest = {
      subject: authorizationCtx.principals[0].name,
      object: metadata.resource ?? authorizationCtx.resource,
      action: (metadata.scopes && metadata.scopes[0]) || 'execute',
    };

    const allow = await this.enforcer.enforce(
      request.subject,
      request.object,
      request.action,
    );
    if (allow) return AuthorizationDecision.ALLOW;
    else if (allow === false) return AuthorizationDecision.DENY;
    return AuthorizationDecision.ABSTAIN;
  }
}