The group class for this instance of Tilmeld.
The user class for this instance of Tilmeld.
Private
already
Used to avoid infinite loop.
The Tilmeld config.
The currently logged in user.
Private
gatekeeper
Gatekeeper ability cache.
Gatekeeper will cache the user's abilities that it calculates, so it can check faster if that user has been checked before.
The Nymph instance.
If you will be performing authentication functions (logging in/out), you should set these so Tilmeld can read and write cookies and headers.
If you want the user to be authenticated with the cookie and/or header they provide, you should set at least the request. It's better to set both, so the JWT can be updated if needed.
After you set these, call authenticate() to read user authentication data from them and fill the user's session.
If you want to support cookie-based authentication (which still requires an XSRF token for security), you should enable the cookie parser middleware.
Add selectors to a list of options and selectors which will limit results to only entities the current user has access to.
Check for TILMELDAUTH and TILMELDSWITCH tokens, and, if set, authenticate from it/them.
You can also call this function after setting response.locals.user to the user you want to authenticate. You should check for user.enabled before setting this variable, unless you explicitly want to log in as a disabled user. (The user must be an instance of the User class for this Tilmeld instance.)
This function will set response.locals.user to the logged in user on successful authentication.
Skip the XSRF token check.
Skip the token renewal step, even if the token is close to expiration.
True if a user was authenticated, false on any failure.
Check a UID's permissions for a user.
UID functions on the Node.js side are not checked automatically. This function is only run automatically for UID functions run from the client. You should call this function manually if you're running a UID function on the Node.js side and you want it gated.
This will check the Tilmeld config and the user's abilities.
The UID to check.
The lowest level of permission to consider a pass.
Optional
user: false | User & UserData
The user to check permissions for. If null, uses the current user. If false, checks for public access.
Whether the current user has at least type permission for the UID.
Check an entity's permissions for a user.
This will check the AC (Access Control) properties of the entity. These include the following properties:
"acUser" refers to the entity's owner, "acGroup" refers to all users in the entity's group and all ancestor groups, and "acOther" refers to any user who doesn't fit these descriptions.
Each of these properties should be either NO_ACCESS, READ_ACCESS, WRITE_ACCESS, or FULL_ACCESS.
These properties default to:
"acRead", "acWrite", and "acFull" are arrays of users and/or groups that also have those permissions.
Only users with FULL_ACCESS have the ability to change any of the ac*, user, and group properties.
The following conditions will result in different checks, which determine whether the check passes:
The entity to check.
The lowest level of permission to consider a pass.
Optional
user: false | User & UserData
The user to check permissions for. If null, uses the current user. If false, checks for public access.
Optional
acProperties: ACProperties
The acProperties to use instead of getting them from the entity.
Whether the current user has at least type permission for the entity.
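A simplified model of the entity check described above, as an added example that is not Tilmeld's own code: it resolves acUser, acGroup, acOther and the acRead/acWrite/acFull lists into one level and fails closed on missing values. The numeric level values, the object shapes, the sample GUIDs, the treatment of public access as "other" and the rule that the highest applicable grant wins are assumptions.

```javascript
// Added illustration, not Tilmeld's code. Level values, object shapes and the
// "highest applicable grant wins" rule are assumptions made for this model.
const NO_ACCESS = 0, READ_ACCESS = 1, WRITE_ACCESS = 2, FULL_ACCESS = 4;
const LEVELS = [NO_ACCESS, READ_ACCESS, WRITE_ACCESS, FULL_ACCESS];

// GUIDs of a group and every ancestor above it (stops on a parent cycle).
function withAncestors(group) {
  const guids = [];
  for (let g = group; g && !guids.includes(g.guid); g = g.parent) guids.push(g.guid);
  return guids;
}

// Highest level the user holds on the entity; user === false models public access.
function effectiveAccess(entity, user) {
  // Fail closed: a missing or unrecognized ac* value counts as NO_ACCESS.
  const level = (v) => (LEVELS.includes(v) ? v : NO_ACCESS);
  if (user === false) return level(entity.acOther); // assumption: public = "other"

  const memberOf = new Set(user.groups); // GUIDs of the groups the user is in
  let granted;
  if (entity.user === user.guid) granted = level(entity.acUser);
  else if (withAncestors(entity.group).some((g) => memberOf.has(g))) granted = level(entity.acGroup);
  else granted = level(entity.acOther);

  // acRead / acWrite / acFull name extra users and groups (by GUID here).
  const listed = (list) => (list || []).some((id) => id === user.guid || memberOf.has(id));
  if (listed(entity.acFull)) granted = Math.max(granted, FULL_ACCESS);
  else if (listed(entity.acWrite)) granted = Math.max(granted, WRITE_ACCESS);
  else if (listed(entity.acRead)) granted = Math.max(granted, READ_ACCESS);
  return granted;
}

// True when the user holds at least `type` access to the entity.
function checkAccess(entity, type, user) {
  return effectiveAccess(entity, user) >= type;
}

// Constructed sample data.
const staff = { guid: 'g-staff', parent: null };
const support = { guid: 'g-support', parent: staff };
const ticket = {
  user: 'u-alice', group: support,
  acUser: FULL_ACCESS, acGroup: READ_ACCESS, acOther: NO_ACCESS, acWrite: ['u-carol'],
};
const alice = { guid: 'u-alice', groups: ['g-support'] };
const bob = { guid: 'u-bob', groups: ['g-staff'] }; // in an ancestor group only
const carol = { guid: 'u-carol', groups: [] }; // listed in acWrite
const dave = { guid: 'u-dave', groups: [] }; // no relationship to the entity
```

In this model, `checkAccess(ticket, WRITE_ACCESS, bob)` is false because membership in an ancestor group only yields the acGroup level, while carol reaches write access solely through the acWrite list.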
Initialize Tilmeld.
This is meant to be called internally by Nymph. Don't call this directly.
The Nymph instance.
Private
init
A user and group system for Nymph.js.
Written by Hunter Perrin for SciActive.
Author
Hunter Perrin
Copyright
SciActive Inc
See
http://nymph.io/