userInRoles method

Future<Response?> userInRoles(
  1. Request req,
  2. dynamic user,
  3. List<String> roles
)

Implementation

Future<Response?> userInRoles(Request req, user, List<String> roles) async {
  if (user == null) {
    return await HttpResponseSender.sendError(
        req,
        UnauthorizedException(null, 'NOT_SIGNED',
                'User must be signed in to perform this operation')
            .withStatus(401));
  } else {
    var authorized = false;

    for (var role in roles) {
      authorized = authorized || user.roles[role] != null;
    }

    if (!authorized) {
      return await HttpResponseSender.sendError(
          req,
          UnauthorizedException(
                  null,
                  'NOT_IN_ROLE',
                  'User must be ' +
                      roles.join(' or ') +
                      ' to perform this operation')
              .withDetails('roles', roles)
              .withStatus(403));
    }
  }
}