问题
I am working in Azure Mobile Service where I have made a custom api. For those it is possible to set permissions (like public, application, user and admin), which is very useful. But I need multi-level api (like for example /api/user/profile/{userId}
), and to be able to set some permission to the sub-level api.
I have found it is possible to add other levels of api paths with the following code
exports.register = function (api) {
/* Get public user profile on some other user */
api.get('/profile/:userId', getProfileFunc);
/* Get private profile only for the authenticated user */
api.get('/profile', getProvateProfileFunc);
/* Update provate profile only for the authenticated user */
api.put('/profile', updateProfileFunc);
}
exports.get = getUserListFunc;
The api permissions are set through the {api-name}.json-file for the top level.
But how can I set a permission to a sub-level api that is different from the parent api? An illustration:
GET: api/user gets a list of users and is permission application
GET: api/user/profile gets the profile for (the authenticated) user, and therefor needs permission user.
And the permissions in user.json are
{
"routes": {
"*": {
"get": {"permission": "application"},
"post": {"permission": "admin"},
"put": {"permission": "admin"},
"patch": {"permission": "admin"},
"delete": {"permission": "admin"}
}
}
}
I an working with a git repository connected to my WAMS.
回答1:
The .json file supports routes. Try the following:
{
"routes": {
"/" : { "permission": "public" },
"/user/profile/:userId" : {
"get": { "permission": "public" },
"post": { "permission": "authenticated" }
}
}
}
来源:https://stackoverflow.com/questions/27685908/permission-on-multiple-routes-in-a-custom-api-for-an-azure-mobile-service