add auth/checks to nonprofit posting endpoints #60

Open
jd2rogers2 opened this issue Oct 25, 2021 · 0 comments · May be fixed by #263
@jd2rogers2
Contributor

jd2rogers2 commented Oct 25, 2021

Requirements are a little loose here, as we'll need to assess what's needed when we get to this point, but in general, endpoints for acting on behalf of a nonprofit need to check if the current user has the right permissions.

This will require adding a roles guard in the AuthModule (a guard is functionality provided by NestJS).

Inside the guard you will have to read the User-Orgs table. Each org will have a user that can be an agent. The guard logic, in pseudocode, is like:

This guard requires a user to be in the request
find userorg record for current user
if no userOrg record return false
if userOrg record for current user make sure that the org in question is in the same user-org record (there could be multiple records)

To get the authenticated user from the request, you may want to add a Cookie Guard annotation before the new guard annotation so that the Cookie guard puts the user in the middleware.

preReq #59

@HartPM HartPM self-assigned this Nov 16, 2022
@jd2rogers2 jd2rogers2 linked a pull request Jan 5, 2023 that will close this issue
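
A sketch of the guard logic described in the issue above, added here as an example; it is not the project's code or the linked pull request. The `UserOrg` fields, the `orgId` route parameter, the `findUserOrgs` lookup and the local context interfaces (stand-ins for NestJS's `ExecutionContext`, so the sketch runs without `@nestjs/common`) are assumptions.

```typescript
// Constructed stand-ins for the parts of NestJS's ExecutionContext used here.
interface HttpRequest { user: { id: number } | undefined; params: Record<string, string | undefined> }
interface GuardContext { switchToHttp(): { getRequest(): HttpRequest } }

// Hypothetical shape of one User-Orgs row; the real column names may differ.
interface UserOrg { userId: number; orgId: number }

// Hypothetical lookup; a real one would query the User-Orgs table (and be async,
// in which case canActivate would return a Promise<boolean>).
type FindUserOrgs = (userId: number) => UserOrg[];

// Accept only a plain positive integer so "10abc", "" or "1e1" never match a row.
function parseOrgId(raw: string | undefined): number | null {
  return raw !== undefined && /^[1-9]\d*$/.test(raw) ? Number(raw) : null;
}

class OrgAgentGuard {
  private readonly findUserOrgs: FindUserOrgs;
  constructor(findUserOrgs: FindUserOrgs) { this.findUserOrgs = findUserOrgs; }

  canActivate(context: GuardContext): boolean {
    const req = context.switchToHttp().getRequest();
    // The guard requires a user on the request (placed there by the cookie guard).
    const user = req.user;
    if (!user) return false;
    const orgId = parseOrgId(req.params.orgId); // assumed route parameter name
    if (orgId === null) return false; // fail closed on a missing or malformed id
    const records = this.findUserOrgs(user.id);
    if (records.length === 0) return false; // no user-org record: deny
    // There may be several records; one of them must name the org in question.
    return records.some((r) => r.userId === user.id && r.orgId === orgId);
  }
}

// Constructed sample data: user 1 is linked to orgs 10 and 11, user 2 to org 20.
const sampleUserOrgs: UserOrg[] = [
  { userId: 1, orgId: 10 }, { userId: 1, orgId: 11 }, { userId: 2, orgId: 20 },
];
const sampleGuard = new OrgAgentGuard((id) => sampleUserOrgs.filter((r) => r.userId === id));

// Builds a fake context so the guard can be exercised outside a running server.
function fakeContext(userId: number | null, orgId?: string): GuardContext {
  const req: HttpRequest = { user: userId === null ? undefined : { id: userId }, params: { orgId } };
  return { switchToHttp: () => ({ getRequest: () => req }) };
}
```

In a NestJS project the class would implement `CanActivate` and be applied with `@UseGuards` after the cookie guard, so that `request.user` is already populated when it runs.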