canUserAccessEndpoint method

Future<ResultAuthenticationFailed?> canUserAccessEndpoint(
  1. Session session,
  2. Endpoint endpoint
)
inherited

Checks if a user can access an Endpoint. If access is granted null is returned, otherwise a ResultAuthenticationFailed describing the issue is returned.

Implementation

Future<ResultAuthenticationFailed?> canUserAccessEndpoint(
    Session session, Endpoint endpoint) async {
  var auth = session.authenticationKey;
  if (endpoint.requireLogin) {
    if (auth == null) {
      return ResultAuthenticationFailed('No authentication provided');
    }
    if (!await session.isUserSignedIn) {
      return ResultAuthenticationFailed('Authentication failed');
    }
  }

  if (endpoint.requiredScopes.isNotEmpty) {
    if (!await session.isUserSignedIn) {
      return ResultAuthenticationFailed(
          'Sign in required to access this endpoint');
    }

    for (var requiredScope in endpoint.requiredScopes) {
      if (!(await session.scopes)!.contains(requiredScope)) {
        return ResultAuthenticationFailed(
            'User does not have access to scope ${requiredScope.name}');
      }
    }
  }
  return null;
}