isActionAllowed

Specifies if an action is allowed, denied or conditional based on the rights provided as the first argument:

  • allowed is returned when an action is authorized without condition
  • conditional is returned when the authorization depends on a closure
  • denied is returned when the action is forbidden

An action is defined as a pair of action and controller (mandatory), plus an index and a collection(optional).

You can get the rights from Kuzzle by using [`Security.getUserRights`](/sdk/js/5/core-classes/security/get-user-rights) and [`Kuzzle.getMyRights`](/sdk/js/5/core-classes/kuzzle/get-my-rights).

isActionAllowed(rights, controller, action, index, collection)

Arguments Type Description
rights JSON array Rights list
controller String The controller
action String The action
index String The index
collection String The collection

Return Value

Returns either allowed, denied or conditional.

Usage

Copied to clipboard!
kuzzle.security.getMyRights((err, rights) => {
  if (!err) {
    // returns either "allowed", "denied" or "conditional"
    var allowed = kuzzle.security.isActionAllowed(rights, 'read', 'get', 'index1', 'collection1');
  }
});