canAccess method
Test if the given request is accessible by the given user. *
-
user- the current user, or null if not logged in.
-
- It returns true if the access is granted; returns false if not allowed
- (either not logged in or not allowed).
- If
useris not null and this method returns false, an instance ofHttp404 - will be thrown. If you prefer other status code (such as 401), you can
- throw an exception in this method.
Implementation
@override
FutureOr<bool> canAccess(HttpConnect connect, user) {
final uri = connect.request.uri.path;
for (final mapping in _mapping) {
if (mapping.pattern.hasMatch(uri)) { //protected
if (user != null) {
final roles = user.roles;
Set<String> col1;
Iterable<String> col2;
if (roles is Set<String> && roles.length > mapping.allowed.length) {
col1 = roles;
col2 = mapping.allowed;
} else {
col1 = mapping.allowed;
col2 = roles as Iterable<String>;
}
for (final role in col2)
if (col1.contains(role))
return true;
}
return false; //denied
}
}
return true; //granted
}