/**
 * Plugin entry point: validates the plugin options, exposes the merged
 * settings to handlers and wires the authorization hooks into the server.
 *
 * @param {Object} server - hapi server the plugin is registered on.
 * @param {Object} options - plugin options, checked against the 'plugin' schema.
 * @param {Function} next - called with no argument on success, or with the
 *   error thrown during setup.
 */
register = function (server, options, next) {
  try {
    // Reject malformed plugin options up front. The value returned by
    // Schema.assert is not used: the settings below are built from the raw
    // options merged over internals.defaults.
    Schema.assert('plugin', options, 'Invalid settings');

    var pluginConfig = Hoek.applyToDefaults(internals.defaults, options || {});
    server.bind({ config: pluginConfig });

    // Check the per-route authorization settings. Which hook is used depends
    // on whether this hapi version still provides server.after (hapi < 11).
    if (!server.after) {
      server.ext('onPreStart', internals.validateRoutes);
    } else {
      server.after(internals.validateRoutes);
    }

    // The authorization check itself is attached to the onPreHandler extension point.
    server.ext('onPreHandler', internals.onPreHandler);

    next();
  } catch (err) {
    // Any setup failure (including invalid options) is handed to the caller.
    next(err);
  }
};
register: require('hapi-authorization')
options: {
roles: false // By setting to false, you are not using an authorization hierarchy and you do not need to specify all the potential
roles here
}
}
];
server.register(plugins, function(err) {
...
```
## Using hapi-authorization with custom roles
1. Include the plugin in your hapijs app.
Example:
```js
/**
 * Decides whether `user` holds the required `role`.
 *
 * @param {Object} user - authenticated user; its `role` property is checked.
 * @param {*} role - role required by the route.
 * @param {*} hierarchy - passed through to internals.isGranted.
 * @returns {?Object} null when access is granted, otherwise a Boom 403 error.
 */
checkRoles = function (user, role, hierarchy) {
  // A missing user is denied before user.role is read, so the check fails closed.
  var granted = Boolean(user) && internals.isGranted(user.role, role, hierarchy);

  return granted ? null : Boom.forbidden('Unauthorized');
};
/**
 * Runs the route's entity query and exposes its outcome as a promise.
 *
 * @param {Function} query - called as query(param, request, callback).
 * @param {*} param - first argument handed to `query`.
 * @param {Object} request - second argument handed to `query`.
 * @param {Function} cb - accepted but not used by this function.
 * @returns {Object} promise resolved with the entity, or rejected with a Boom
 *   error: the query's own Boom error, 400 for any other error, 404 when no
 *   entity is returned.
 */
fetchEntity = function (query, param, request, cb) {
  var deferred = Q.defer();

  query(param, request, function (err, entity) {
    if (err) {
      // Boom errors pass through untouched; anything else becomes a 400
      // with the original error attached as data.
      return deferred.reject(err.isBoom ? err : Boom.badRequest('Bad Request', err));
    }

    // NOTE(review): a missing entity is reported as 404 here, before any ACL
    // check runs, while validateEntityAcl answers 403 - so the two cases are
    // distinguishable to the caller. Confirm that is intended.
    if (!entity) {
      return deferred.reject(Boom.notFound());
    }

    deferred.resolve(entity);
  });

  return deferred.promise;
};
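/**
 * Checks whether `user` may act on `entity` with the required `role`.
 *
 * When `validator` is given it names a method on the entity, called as
 * entity[validator](user, role, callback); otherwise
 * internals.defaultEntityAclValidator decides.
 *
 * @param {Object} user - authenticated user; required.
 * @param {*} role - role required by the route.
 * @param {Object} entity - entity to check; required.
 * @param {string} [validator] - name of the validator method on `entity`.
 * @param {Object} options - passed to the default validator.
 * @returns {Object} promise resolved with the validator's truthy result, or
 *   rejected with Boom 403 when access is denied and with a plain Error when a
 *   precondition fails or the validator reports an error.
 */
validateEntityAcl = function (user, role, entity, validator, options) {
  var def = Q.defer();

  if (!entity) {
    def.reject(new Error('validateUserACL must run after fetchACLEntity'));
    return def.promise;
  }

  if (!user) {
    def.reject(new Error('User is required, please make sure this method requires authentication'));
    return def.promise;
  }

  if (!validator) {
    // Use the default validator
    var isValid = internals.defaultEntityAclValidator(user, role, entity, options);

    if (isValid) {
      def.resolve(isValid);
    } else {
      def.reject(Boom.forbidden('Unauthorized'));
    }
    return def.promise;
  }

  // A validator name that does not resolve to a method on the entity used to
  // throw a TypeError synchronously, outside the promise this function
  // returns. Reject instead, so the failure follows the same path as every
  // other denial and access is never granted by accident.
  if (typeof entity[validator] !== 'function') {
    def.reject(new Error('Entity ACL validator "' + validator + '" is not a function'));
    return def.promise;
  }

  entity[validator](user, role, function (err, isValid) {
    if (err) {
      // NOTE(review): wrapping in new Error() stringifies the original error,
      // so a Boom error from the validator loses its status code here.
      def.reject(new Error(err));
    } else if (!isValid) { // Not granted
      def.reject(Boom.forbidden('Unauthorized'));
    } else { // Valid
      // Any truthy value grants access, so validators should pass a real boolean.
      def.resolve(isValid);
    }
  });

  return def.promise;
};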
/**
 * Validates `options` against the schema stored as internals[type] and
 * throws (through Hoek.assert) when validation fails.
 *
 * @param {string} type - key of the schema in `internals`; also used in the
 *   error text.
 * @param {*} options - value to validate.
 * @param {string} [message] - extra context, added in parentheses to the error text.
 * @returns {*} the value returned by Joi.validate.
 */
assert = function (type, options, message) {
  var result = Joi.validate(options, internals[type]);
  var error = result.error;
  var errorMessage = null;

  // On failure, list every validation detail after the error name.
  if (error) {
    errorMessage = error.name + ':' + error.details.map(function (detail) {
      return ' ' + detail.message;
    }).join('');
  }

  var context = message ? '(' + message + ')' : '';

  // Throws when validation failed; a no-op otherwise.
  Hoek.assert(!error, 'Invalid', type, 'options', context, errorMessage);

  return result.value;
};
errorMessage = error.name + ':';
error.details.forEach(function(err) {
errorMessage += ' ' + err.message;
});
}
// If there is an error build the error message
Hoek.assert(!error, 'Invalid', type, 'options', message ? '(
x27; + message + ')' : '', errorMessage);
return validationObj.value;
};
/**
* Validation rules for a route's params
...