canAccess method

@override
FutureOr<bool> canAccess(
  HttpConnect connect,
  dynamic user
)

Tests whether the given request is accessible by the given user.

  • user - the current user, or null if not logged in.
  • It returns true if access is granted; it returns false if not allowed (either not logged in or not allowed).
  • If user is not null and this method returns false, an instance of Http404 will be thrown. If you prefer another status code (such as 401), you can throw an exception in this method.

Implementation

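@override
FutureOr<bool> canAccess(HttpConnect connect, user) {
  final uri = connect.request.uri.path;
  for (final mapping in _mapping) {
    // The path is protected; the first matching mapping decides.
    if (mapping.pattern.hasMatch(uri)) {
      if (user != null) {
        final roles = user.roles;
        // Look up in a Set (col1) while iterating the other collection
        // (col2). The user's roles serve as the lookup set only when they
        // are a Set and larger than the allowed set.
        Set<String> col1;
        Iterable<String> col2;
        if (roles is Set<String> && roles.length > mapping.allowed.length) {
          col1 = roles;
          col2 = mapping.allowed;
        } else {
          col1 = mapping.allowed;
          col2 = roles as Iterable<String>;
        }

        // One role in common is enough.
        for (final role in col2) {
          if (col1.contains(role)) {
            return true;
          }
        }
      }
      return false; // denied: not logged in, or no role in common
    }
  }
  return true; // granted: no mapping matches this path
}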
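
The implementation above grants any path that matches no mapping and lets the first matching mapping decide. The following added example (not part of the library or this page's code) models that decision order over a constructed policy. Rule, decide, show and all paths and roles are hypothetical, and the patterns are written anchored as an assumption.

```dart
// Added example: a stand-alone model of the decision order above.
// Rule, decide and show are hypothetical names, not library API.
class Rule {
  final RegExp pattern;
  final Set<String> allowed;
  Rule(String source, this.allowed) : pattern = RegExp(source);
}

// The first rule whose pattern matches the path decides the outcome;
// a path that matches no rule is granted, even when roles is null.
bool decide(List<Rule> rules, String path, Iterable<String>? roles) {
  for (final rule in rules) {
    if (rule.pattern.hasMatch(path)) {
      return roles != null && roles.any(rule.allowed.contains);
    }
  }
  return true;
}

void show(String label, List<Rule> rules, String path,
    Iterable<String>? roles) {
  final who = roles == null ? 'anonymous' : roles.join(',');
  final result = decide(rules, path, roles) ? 'granted' : 'denied';
  print('$label  $path  [$who] -> $result');
}

void main() {
  // Constructed policy. Patterns are anchored with ^ and $ because
  // hasMatch() succeeds on a match anywhere in the path.
  final admin = Rule(r'^/admin/.*$', {'admin'});
  final account = Rule(r'^/account/.*$', {'user', 'admin'});
  final catchAll = Rule(r'^/.*$', {'user', 'admin'});

  final open = [admin, account];
  final closed = [admin, account, catchAll];
  final misordered = [catchAll, admin, account];

  show('open      ', open, '/admin/users', ['admin']);
  show('open      ', open, '/admin/users', ['user']);
  show('open      ', open, '/admin/users', null);
  // Matches no rule, so the default grant applies.
  show('open      ', open, '/reports/q3', null);
  // A trailing catch-all turns the default into a deny for anonymous.
  show('closed    ', closed, '/reports/q3', null);
  // A catch-all placed first shadows the stricter /admin rule.
  show('misordered', misordered, '/admin/users', ['user']);
}
```

With the open list, /reports/q3 is granted to an anonymous request; appending the catch-all denies it, and moving the catch-all to the front grants /admin/users to a plain user role.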