canAccess method

@override
FutureOr<bool> canAccess(
  HttpConnect connect,
  dynamic user
)

Test if the given request is accessible by the given user.

  • user - the current user, or null if not logged in.
  • Returns true if access is granted; returns false if it is not (the user is either not logged in or not allowed).

If user is not null and this method returns false, an instance of Http404 will be thrown. If you prefer another status code (such as 401), you can throw an exception in this method.

Implementation

@override
FutureOr<bool> canAccess(HttpConnect connect, user) {
  final uri = connect.request.uri.path;
  for (final mapping in _mapping) {
    // The first mapping whose pattern matches the path decides the outcome.
    if (mapping.pattern.hasMatch(uri)) { //protected
      if (user != null) {
        final roles = user.roles;
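        // col1 is the set used for lookups, col2 the collection iterated over.
        // When roles is the larger set, iterate over the allowed roles instead.
        Set<String> col1;
        Iterable<String> col2;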
        if (roles is Set<String> && roles.length > mapping.allowed.length) {
          col1 = roles;
          col2 = mapping.allowed;
        } else {
          col1 = mapping.allowed;
          col2 = roles as Iterable<String>;
        }

        // Grant access if the user holds at least one allowed role.
        for (final role in col2) {
          if (col1.contains(role)) {
            return true;
          }
        }
      }
      return false; //denied
    }
  }
  return true; //granted: no mapping matched, so the path is not protected
}
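
The decision rules in the implementation above, as an added stand-alone example that is not the library's own code: the first matching pattern decides, hasMatch matches anywhere in the path unless the pattern is anchored, and a path that matches no pattern is granted. Mapping, decide and the sample rules and paths are hypothetical and constructed for illustration.

```dart
// Added example: a stand-alone model of the decision logic, for auditing a
// mapping before deployment. Mapping, decide and all sample data are
// hypothetical names and constructed values, not part of the library.
class Mapping {
  Mapping(String pattern, Iterable<String> allowed)
      : pattern = RegExp(pattern),
        allowed = allowed.toSet();
  final RegExp pattern;
  final Set<String> allowed;
}

/// Mirrors canAccess: [roles] is null for a user who is not logged in.
bool decide(List<Mapping> mappings, String path, Iterable<String>? roles) {
  for (final m in mappings) {
    if (m.pattern.hasMatch(path)) {
      // First match decides; rules further down the list are not consulted.
      if (roles == null) return false;
      return roles.any(m.allowed.contains);
    }
  }
  return true; // no pattern matched: the path is unprotected
}

void main() {
  final rules = [
    Mapping(r'^/admin/', ['admin']),
    Mapping(r'^/admin/reports/', ['auditor']), // shadowed by the rule above
    Mapping(r'/internal', ['staff']), // unanchored: matches anywhere in path
  ];
  void show(String path, List<String>? roles) {
    final who = roles?.join(',') ?? 'anonymous';
    print('${path.padRight(20)} ${who.padRight(10)} ${decide(rules, path, roles)}');
  }

  show('/admin/users', ['admin']);
  show('/admin/users', ['user']);
  show('/admin/users', null);
  show('/admin/reports/q1', ['auditor']); // decided by ^/admin/, not by rule 2
  show('/docs/internal-faq', null); // protected by the unanchored pattern
  show('/metrics', null); // covered by no rule
}
```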