ownerOrAdmin method

Future<Response?> ownerOrAdmin(
  Request req,
  dynamic user, {
  String idParam = 'user_id',
})

Implementation

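/// Authorizes [user] to act on the resource whose id is carried by the
/// [idParam] parameter of [req]: the request passes when the caller is the
/// resource owner or holds the `admin` role.
///
/// Returns `null` when the request may proceed. Otherwise sends an error via
/// [HttpResponseSender.sendError] and returns that response: 401 with code
/// `NOT_SIGNED` when [user] is null, 403 with code `FORBIDDEN` when the
/// caller is neither the owner nor an admin.
///
/// [user] is untyped; it is expected to expose `user_id` and `roles`. The
/// owner id is read from `req.params[idParam]`, falling back to the URL query
/// parameter of the same name.
Future<Response?> ownerOrAdmin(Request req, user,
    {String idParam = 'user_id'}) async {
  // Anonymous caller: reject before touching any user attribute.
  if (user == null) {
    return await HttpResponseSender.sendError(
        req,
        UnauthorizedException(null, 'NOT_SIGNED',
                'User must be signed in to perform this operation')
            .withStatus(401));
  }

  // `req.params` first, then the URL query string.
  var userId = req.params[idParam] ?? req.url.queryParameters[idParam];

  // A user without a roles collection is not an admin; guard before
  // indexing so a null `roles` does not throw instead of producing a 403.
  var roles = user.roles;
  // NOTE(review): `roles` is indexed by role name, so any non-null value
  // under 'admin' (even `false`) counts as admin; confirm the role
  // representation used by callers.
  var admin = roles != null && roles['admin'] != null;

  // A missing idParam leaves userId null, so only admins pass in that case.
  if (user.user_id != userId && !admin) {
    return await HttpResponseSender.sendError(
        req,
        UnauthorizedException(null, 'FORBIDDEN',
                'Only data owner can perform this operation')
            .withStatus(403));
  }

  // Authorized: no response is sent, the pipeline continues.
  return null;
}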