The Authorize.resource method checks the current user's permissions for resources like Forms, Reports, or Responses.
Authorize.resource(model, permissions...)
Checks whether the current user has any of the passed permissions for the resource.
var form = Form.new("ABCEDEFGHIJ");
Authorize.resource(form, "create", "update").then(function() {
// This callback only runs if the current user has either "create", or
// "update" permissions for the form.
});
Authorize.resource(model).any(permissions...)
The any method is a chainable alternative to passing the permissions directly in the resource method. Using any makes the condition's meaning clearer.
var form = Form.new("ABCEDEFGHIJ");
Authorize.resource(form).any("create", "update").then(function() {
// This callback only runs if the current user has either "create", or
// "update" permissions for the form.
});
Authorize.resource(model).all(permissions...)
The all method is a chainable alternative to passing the permissions directly in the resource method. Using all makes the condition's meaning clearer.
var form = Form.new("ABCEDEFGHIJ");
Authorize.resource(form).all("create", "update").then(function() {
// This callback only runs if the current user has both "create", and
// "update" permissions for the form.
});
Method Chaining
The any and all methods can be chained to build more advanced conditional group checks.
var form = Form.new("ABCEDEFGHIJ");
Authorize.resource(form).all("read").any("create", "update").then(function() {
// This callback is only run if the user has "read" permission, and either
// "create" or "update" permissions.
});
Promise methods like then can run between chained methods to trigger callbacks before additional checks.
var form = Form.new("ABCEDEFGHIJ");
Authorize.resource(form).all("read").then(function() {
// This callback is only run if the user has "read" permission
}).any("create", "update").then(function() {
// This callback is only run if the user has "read" permission, and either
// "create" or "update" permissions.
});