SystemPanda uses cookie authentication. When you login, a session is created, its ID is set as a cookie, and you have access to pages that require authentication by default. You also have access to data related to your session via the context object which you can specify which fields should be included.
{
authSession: {
initFirstAuth: {
email: "[email protected]",
password: "1234",
},
// default: "*"
sessionData: ["id", "email"],
}
}Inside a collection's beforeOperation hooks (refer to Hooks), you can return a boolean to allow or deny access to an operation. Here is a hook that employs role-based and rule-based permissions:
{
hooks: {
beforeOperation: [
({ context, operation, existingData, inputData }) => {
// cause side-effect
const user_type = ctx.sessionData?.user_type;
const isUserAndReadOp = user_type === "user" && operation === "read";
const isAdmin = user_type === "admin";
return isUserAndReadOp || isAdmin;
},
]
}
}