checkRights #
Available since 2.8.0
Available since 7.5.0
Checks if the provided API request can be executed by a user.
checkRights(kuid, requestPayload, [options])| Property | Type | Description |
|---|---|---|
kuid | string | User kuid |
requestPayload | object | Contains a RequestPayload |
requestPayload #
The RequestPayload must contains at least the following properties:
controller: API controlleraction: API action
options #
Additional query options
| Option | Type (default) | Description |
|---|---|---|
queuable | bool ( true) | Make this request queuable or not |
timeout | number ( -1) | Time (in ms) during which a request will still be waited to be resolved. Set it -1 if you want to wait indefinitely |
triggerEvents | boolean ( false) | If set to true, will trigger events even if using Embeded SDK. You should always ensure that your events/pipes does not create an infinite loop. Available since Kuzzle 2.31.0 |
Resolves #
A boolean telling whether the provided request would have been allowed or not
Usage #
const requestPayload = {
controller: 'document',
action: 'create',
index: 'nyc-open-data',
collection: 'yellow-taxi',
body: {
name: 'Melis'
}
}
try {
const allowed = await kuzzle.security.checkRights('foo', requestPayload);
console.log(allowed);
/*
true
*/
} catch (error) {
console.error(error.message);
}Edit this page on Github(opens new window)