From e50d56bc867602d6b14c70a9ab0790869ff9e1a2 Mon Sep 17 00:00:00 2001
From: dreamdevil00
Date: Sun, 24 Mar 2024 19:09:28 +0800
Subject: [PATCH] docs(readme): correct docs about hasPermissionForUser
---
 README.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 1bd68d0..d570a76 100644
--- a/README.md
+++ b/README.md
@@ -155,7 +155,7 @@ Only when the user is granted both permissions of reading any user address and r
 While the `@UsePermissions` decorator is good enough for most cases, there are situations where we may want to check for a permission in a method's body. We can inject and use `AuthzRBACService` or `AuthzManagementService` which are wrappers of casbin api for that as shown in the example below:
 ```typescript
-import { Controller, Get, UnauthorizedException } from '@nestjs/common';
+import { Controller, Get, UnauthorizedException, Req } from '@nestjs/common';
 import {
 AuthZGuard,
 AuthZRBACService,
@@ -169,14 +169,20 @@ export class AppController {
 constructor(private readonly rbacSrv: AuthZRBACService) {}
 @Get('users')
- async findAllUsers() {
- const isPermitted = await this.rbacSrv.hasPermissionForUser();
+ async findAllUsers(@Req() request: Request) {
+ let username = request.user['username'];
+ // If there is a policy `p, root, user, read:any` in policy.csv
+ // then user `root` can do this operation
+
+ // Using string literals for simplicity.
+ const isPermitted = await this.rbacSrv.hasPermissionForUser(username, "user", "read:any");
 if (!isPermitted) {
 throw new UnauthorizedException(
 'You are not authorized to read users list'
 );
 }
 // A user can not reach this point if he/she is not granted for permission read users
+ // ...
 }
 }
 ```
@@ -189,9 +195,3 @@ For more detailed information, checkout the working example in
 ## License
 This project is licensed under the MIT license.
-
-## Contact
-
-If you have any issues or feature requests, contact me. PR is welcomed.
-
-- dreamdeviloo@163.com