Use `Role.registerResolver()` to set up a custom role handler in a boot script. This function takes two parameters:
A string: the name of the role in question.
A function that determines whether a principal is in the specified role. Its signature must be `function(role, context, callback)`.
module.exports = function(app) {var _ = require('underscore');var Role = app.models.Role;Role.registerResolver(adminForOrg, function(role, context, cb) {function reject(err) {if(err) {return cb(err);}cb(null, false);}if(context.modelName !== 'Organisation'){// return error if target model is not organisationreturn reject();}var currentUserId = context.accessToken.userId;var currentOrg = context.modelId;if(!currentUserId){// Do not allow unauthenticated users to proceedreturn reject();}if(!currentOrg){return reject();}else {app.models.User.findById(currentUserId, {include:{relation:'roles',scope : {fields: ['name'] // only include the role name and id}}}).then(function(userModelInstance){var isAdmin = _.findWhere(currentUserRoles,{name: 'orgAdmin'});if(!_.isEqual(userModelInstance.organisationId.toString(),currentOrg.toString()) || !isAdmin){return reject(); // reject if the user's org isn't the current org}else {return cb(null,true);}}).catch(function(error){cb(error);});}});});