...
Info |
---|
title | Value Comparer Requirement Metadata |
---|
|
Property Name | Value | Description |
---|
expectedValue | string | The value we expect to have to satisfy the requirement | actualValue | string | The value we check against the exepectedValue to see if the requirement passes. |
|
The example metadata on this page metadata below is for a requirement that only passes if the authenticated user is a particular person. It uses Input Context Objects for some values.
Code Block |
---|
language | js |
---|
title | Value Comparer Metadata Example |
---|
|
{
"endpoints": {
"ExamplesGetSingleProduct": {
"route": {
"httpMethod": "GET",
"segments": {
"examples": {
"isLiteral": true,
"type": "string"
},
"products": {
"isLiteral": true,
"type": "string"
},
"productId": {
"isLiteral": false,
"type": "long"
"security": {
"CurrentPersonIsAiesha": {
"type": "ValueComparer",
"parameters": {
"expectedValue": "1",
"actualValue": "@AuthenticatedAttributes.AuthenticatedPrincipalRecordId"
}
}
}
}
}
}
}
//remaining metadata omitted
}
} |
Why did we add this security block to a route segment instead of the endpoint or an input entity field?
If we had put it at the endpoint level it would have had no effect. Remember, only one requirement in a collection needs to pass for the entire collection to pass. By default, the framework always adds an authentication requirement to the endpoint collection. If this requirement was also at the endpoint level we would have and the authenticated person was not person id 1, we would have:
Collection Name | Requirements | Result |
---|
Endpoint | Require Authentication, CurrentPersonIsAiesha | CurrentPersonIsAiesha fails but Requires Authentication passes, so this entire collection passes. |
Route | None | Pass |
Input Fields | None | Pass |
When we move it to the route segment level we have:
Collection Name | Requirements | Result |
---|
Endpoint | Require Authentication | Pass |
Route | CurrentPersonIsAiesha | Fail |
Input Fields | None | Pass |
And the request fails if the person is not Aiesha. This requirement could have also been added at the input entity field level to achieve the same result.