authorize method
Checks the authorization.
correlation_id
(optional) transaction id to trace execution through call chain.userId
an user id.roles
a roles to be revoked. Return (optional) Future that receives bool value of authorization or error.
Implementation
@override
Future<bool?> authorize(
String? correlationId, String? userId, List<String> roles) async {
if (roles.isEmpty) {
return null;
}
var existingRoles = await getRolesById(correlationId, userId);
var authorized = _difference(roles, existingRoles).isEmpty;
return authorized;
}