-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtest.js
42 lines (37 loc) · 1.8 KB
/
test.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
const { Permit } = require("permitio");
const express = require("express");
const app = express();
const port = 4000;
// This line initializes the SDK and connects your Node.js app
// to the Permit.io PDP container you've set up in the previous step.
const permit = new Permit({
// in production, you might need to change this url to fit your deployment
pdp: "https://cloudpdp.api.permit.io",
// your api key
token: "permit_key_WbJHuw4XU5r7VtpM4vVvRDtM5djQvH57xWdBvoW724R9bt5pa5saP8QLhtmv9i13gmDjXq8wFEHXhdulz5we2h"
});
// You can open http://localhost:4000 to invoke this http
// endpoint, and see the outcome of the permission check.
app.get("/", async (req, res) => {
// This user was defined by you in the previous step and
// is already assigned with a role in the permission system.
const user = {
id: "[email protected]",
firstName: "Karelle",
lastName: "Hofler",
email: "[email protected]",
} // in a real app, you would typically decode the user id from a JWT token
// After we created this user in the previous step, we also synced the user's identifier
// to permit.io servers with permit.write(permit.api.syncUser(user)). The user identifier
// can be anything (email, db id, etc) but must be unique for each user. Now that the
// user is synced, we can use its identifier to check permissions with `permit.check()`.
const permitted = await permit.check(user.id, "update", "animal");
if (permitted) {
res.status(200).send(`${user.firstName} ${user.lastName} is PERMITTED to update animal!`);
} else {
res.status(403).send(`${user.firstName} ${user.lastName} is NOT PERMITTED to update animal!`);
}
});
app.listen(port, () => {
console.log(`Example app listening at http://localhost:${port}`);
});