How to use the @loopback/authorization.authorize function in @loopback/authorization

To help you get started, we’ve selected a few @loopback/authorization examples, based on popular ways it is used in public projects.


github strongloop / loopback4-example-shopping / packages / shopping / src / controllers / user-order.controller.ts View on Github external
/**
   * Create an order for a given user
   * @param userId User id
   * @param order Order to create; its userId must equal the path userId
   */
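  @post('/users/{userId}/orders', {
    responses: {
      '200': {
        description: 'User.Order model instance',
        content: {'application/json': {schema: {'x-ts-type': Order}}},
      },
    },
  })
  // Authentication identifies the caller; the authorization metadata below
  // decides whether that caller may act on this user's orders.
  @authenticate('jwt')
  // `compareId` is the voter the find/patch/delete handlers on this same route
  // attach. Without it the decorator names only the resource and the 'create'
  // scope, and the check in the body compares two caller-supplied values with
  // each other rather than with the authenticated principal.
  // NOTE(review): confirm compareId evaluates the userId path argument for
  // this handler the same way it does for the sibling handlers.
  @authorize({resource: 'order', scopes: ['create'], voters: [compareId]})
  async createOrder(
    @param.path.string('userId') userId: string,
    @requestBody() order: Order,
  ): Promise<Order> {
    // Payload consistency check only: the id in the URL and the id in the body
    // must agree. Both come from the request, so this is input validation and
    // not an ownership check.
    if (userId !== order.userId) {
      throw new HttpErrors.BadRequest(
        `User id does not match: ${userId} !== ${order.userId}`,
      );
    }
    // orders(userId) is called with the path id, so the copy carried in the
    // body is removed before the record is created.
    delete order.userId;
    return this.userRepo.orders(userId).create(order);
  }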

  @get('/users/{userId}/orders', {
github strongloop / loopback4-example-shopping / packages / shopping / src / controllers / user-order.controller.ts View on Github external
@requestBody() order: Partial,
    @param.query.string('where') where?: Where,
  ): Promise {
    return this.userRepo.orders(userId).patch(order, where);
  }

  /**
   * Delete orders of one user and report the outcome of the repository call.
   *
   * The route requires JWT authentication and the `order`/`delete`
   * authorization metadata, which carries the `compareId` voter.
   *
   * @param userId User id from the URL path; selects whose orders are targeted
   * @param where Optional caller-supplied `where` query parameter, forwarded
   *   unchanged to the repository
   */
  @del('/users/{userId}/orders', {
    responses: {
      '200': {
        description: 'User.Order DELETE success count',
        content: {
          'application/json': {schema: CountSchema},
        },
      },
    },
  })
  @authenticate('jwt')
  @authorize({resource: 'order', scopes: ['delete'], voters: [compareId]})
  async deleteOrders(
    @param.path.string('userId') userId: string,
    // NOTE(review): declared to the REST layer as a string query parameter
    // but typed as Where; confirm the value is parsed and validated before it
    // reaches the repository. When it is omitted, delete() receives undefined.
    @param.query.string('where') where?: Where,
  ): Promise {
    // Every operation goes through the relation accessor built from the path id.
    const ordersOfUser = this.userRepo.orders(userId);
    return ordersOfUser.delete(where);
  }
}
github strongloop / loopback4-example-shopping / packages / shopping / src / controllers / user-order.controller.ts View on Github external
}

  /**
   * List the orders that belong to one user.
   *
   * The route requires JWT authentication and the `order`/`find`
   * authorization metadata, which carries the `compareId` voter.
   *
   * @param userId User id from the URL path; selects whose orders are read
   * @param filter Optional caller-supplied `filter` query parameter,
   *   forwarded unchanged to the repository
   * @returns Whatever the relation repository's `find` resolves to
   */
  @get('/users/{userId}/orders', {
    responses: {
      '200': {
        description: "Array of User's Orders",
        content: {
          'application/json': {
            schema: {
              type: 'array',
              items: {'x-ts-type': Order},
            },
          },
        },
      },
    },
  })
  @authenticate('jwt')
  @authorize({resource: 'order', scopes: ['find'], voters: [compareId]})
  async findOrders(
    @param.path.string('userId') userId: string,
    // NOTE(review): declared to the REST layer as a string query parameter
    // but typed as Filter; confirm the value is parsed and validated before
    // it reaches the repository.
    @param.query.string('filter') filter?: Filter,
  ): Promise {
    // The lookup goes through the relation accessor built from the path id.
    return this.userRepo.orders(userId).find(filter);
  }

  @patch('/users/{userId}/orders', {
    responses: {
      '200': {
        description: 'User.Order PATCH success count',
        content: {'application/json': {schema: CountSchema}},
      },
    },
  })
github strongloop / loopback4-example-shopping / packages / shopping / src / controllers / user-order.controller.ts View on Github external
@param.query.string('filter') filter?: Filter,
  ): Promise {
    const orders = await this.userRepo.orders(userId).find(filter);
    return orders;
  }

  /**
   * Apply a partial update to orders of one user.
   *
   * The route requires JWT authentication and the `order`/`patch`
   * authorization metadata, which carries the `compareId` voter.
   *
   * @param userId User id from the URL path; selects whose orders are patched
   * @param order Request body holding the fields to change
   * @param where Optional caller-supplied `where` query parameter, forwarded
   *   unchanged to the repository
   */
  @patch('/users/{userId}/orders', {
    responses: {
      '200': {
        description: 'User.Order PATCH success count',
        content: {
          'application/json': {schema: CountSchema},
        },
      },
    },
  })
  @authenticate('jwt')
  @authorize({resource: 'order', scopes: ['patch'], voters: [compareId]})
  async patchOrders(
    @param.path.string('userId') userId: string,
    // NOTE(review): the body is handed to patch() as received; this handler
    // does not strip or compare a userId field the way createOrder does, so
    // confirm the repository ignores or rejects one if it is present.
    @requestBody() order: Partial,
    // NOTE(review): declared to the REST layer as a string query parameter
    // but typed as Where; confirm the value is parsed and validated before it
    // reaches the repository.
    @param.query.string('where') where?: Where,
  ): Promise {
    // Every operation goes through the relation accessor built from the path id.
    const ordersOfUser = this.userRepo.orders(userId);
    return ordersOfUser.patch(order, where);
  }

  @del('/users/{userId}/orders', {
    responses: {
      '200': {
        description: 'User.Order DELETE success count',
        content: {'application/json': {schema: CountSchema}},
      },
    },
  })