resources/script/router-authz.js

	router-authz.js revision ab3b03e9a63f9d8d6ba2e0548ead7a0654e0d241
/*
 * This script is called from the router "onRequest" trigger, to enforce a central
 * set of authorization rules. This default implemention simply restricts requests via HTTP
 * to users that are assigned an "openidm-admin" role.
 */

function contains(a, o) {
    for (var e in a) {
        if (e === o) {
            return true;
        }
    }
    return false;
}

// only inspect request where immediate parent is an HTTP request context
if (typeof(request.parent) != 'undefined' && request.parent.type === 'http') {
    var roles = request.parent.security['openidm-roles'];
    if (typeof(roles) === 'undefined' || !contains(roles, 'openidm-admin')) {
        throw "Access denied";
    }
}