Scope class

Allows ResourceControllers to have different scope for each operation method.

This type is used as an annotation to an operation method declared in a ResourceController.

If an operation method has this annotation, an incoming Request.authorization must have sufficient scope for the method to be executed. If not, a 403 Forbidden response is sent. Sufficient scope requires that every listed scope is met by the request.

The typical use case is to require more scope for an editing action than a viewing action. Example:

    class NoteController extends ResourceController {
      @Scope(['notes.readonly']);
      @Operation.get('id')
      Future<Response> getNote(@Bind.path('id') int id) async {
        ...
      }

      @Scope(['notes']);
      @Operation.post()
      Future<Response> createNote() async {
        ...
      }
    }

An Authorizer must have been previously linked in the channel. Otherwise, an error is thrown at runtime. Example:

    router
      .route("/notes/[:id]")
      .link(() => Authorizer.bearer(authServer))
      .link(() => NoteController());

Constructors

Scope(List<String> scopes)
Add to ResourceController operation method to require authorization scope. [...]
const

Properties

scopes → List<String>
The list of authorization scopes required.
final
hashCode → int
The hash code for this object.
read-only, inherited
runtimeType → Type
A representation of the runtime type of the object.
read-only, inherited

Methods

noSuchMethod(Invocation invocation) → dynamic
Invoked when a non-existent method or property is accessed.
inherited
toString() → String
Returns a string representation of this object.
inherited

Operators

operator ==(dynamic other) → bool
The equality operator.
inherited