I'm using feathersjs and I need to secure the patch method of my service. I'm using feathers-hooks-common for the hooks. I need to allow the patch method only when the call is either made from the server or is done by an admin.

```js
const { disallow, isNot, iff, isProvider } = require('feathers-hooks-common');

const isAdmin = context => { return context.params.user.isAdmin; }

module.exports = {
  patch: [
    iff(isProvider('external') && isNot(isAdmin), disallow()),
    iff(isNot(isProvider('server')), disallow())
  ],
}
```

The second rule, `iff(isNot(isProvider('server')), disallow())`, works ok, but I can't get the first rule to allow server calls.
Hooks cannot be combined with conditionals, but since you are already using `iff` you can make it a nested statement:

```js
const { disallow, isNot, iff, isProvider } = require('feathers-hooks-common');

const isAdmin = context => { return context.params.user.isAdmin; }

module.exports = {
  patch: [
    iff(isProvider('external'),
      iff(isNot(isAdmin), disallow())
    )
  ],
}
```
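
Why the `&&` form blocks server calls while the nested form does not, as an added example that is not part of the original question or answer. The helpers are simplified synchronous stand-ins written for this illustration (not feathers-hooks-common's code); the null-safe `isAdmin` and the sample contexts are assumptions constructed here.

```javascript
// Simplified synchronous stand-ins for the feathers-hooks-common helpers used
// above (assumption: they model only the behaviour discussed, not the library).
const isProvider = (...providers) => ctx =>
  providers.some(p => (p === 'server' ? !ctx.params.provider
    : p === 'external' ? !!ctx.params.provider
    : ctx.params.provider === p));
const isNot = predicate => ctx => !predicate(ctx);
const disallow = () => () => { throw new Error('MethodNotAllowed'); };
const iff = (predicate, ...hooks) => ctx => {
  const matched = typeof predicate === 'function' ? predicate(ctx) : !!predicate;
  if (matched) hooks.forEach(hook => hook(ctx));
  return ctx;
};

// Assumed variant: a missing user (unauthenticated call) counts as non-admin.
const isAdmin = ctx => ctx.params.user?.isAdmin === true;

// `a && b` on two functions evaluates to `b`, so the provider check is dropped.
const combined = isProvider('external') && isNot(isAdmin);
const brokenHook = iff(combined, disallow());
// Nested form from the answer: the admin check only runs for external calls.
const nestedHook = iff(isProvider('external'), iff(isNot(isAdmin), disallow()));

// Runs a hook against a constructed context and reports the outcome.
function outcome(hook, params) {
  try { hook({ method: 'patch', params }); return 'allowed'; }
  catch (err) { return err.message; }
}

// Constructed sample contexts: internal call, external admin, external user, anonymous.
const cases = {
  server: {},
  admin: { provider: 'rest', user: { isAdmin: true } },
  user: { provider: 'rest', user: { isAdmin: false } },
  anonymous: { provider: 'rest' },
};

function results(hook) {
  return Object.fromEntries(
    Object.entries(cases).map(([name, params]) => [name, outcome(hook, params)]));
}

console.log('broken:', results(brokenHook));
console.log('nested:', results(nestedHook));
```
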