Rules
There are two rules used in this application. The first decides whether a user is an admin of the dashboard; the other checks access for each app. For more information on rules, see the rules documentation.
The first rule decides if a user who is logging in is an admin of the SSO dashboard. The specific implementation of this rule will depend on your environment. The simplest implementation of this rule is to just check for a single email address.
Check email to decide who is an admin:

```js
function(user, context, cb) {
  // Only apply this rule to logins for the SSO dashboard itself
  if (context.clientID !== '<YOUR APP ID HERE>') {
    return cb(null, user, context);
  }
  var whitelist = [ 'user1@mail.com', 'user2@mail.com' ]; // authorized users
  var userIsAdmin = whitelist.some(
    function (email) {
      return email === user.email;
    });
  user.is_admin = userIsAdmin;
  cb(null, user, context);
}
```
You can also check via groups:
```js
function(user, context, cb) {
  // Only apply this rule to logins for the SSO dashboard itself
  if (context.clientID !== '<YOUR APP ID HERE>') {
    return cb(null, user, context);
  }
  // user.groups may be absent, so coerce the result to a real boolean
  user.is_admin = !!(user.groups && user.groups.indexOf('<YOUR GROUP HERE>') > -1);
  cb(null, user, context);
}
```
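The two variants above can be folded into one rule. The following is an added example, not code from the dashboard repository: it accepts either an allowlisted email or membership in a group, guards against a missing `groups` array, and additionally requires `email_verified` before trusting the email (a check the page itself does not include). The placeholder client ID, emails and group name are assumptions.

```javascript
// Added example, not from the dashboard repository: one admin rule combining
// the email allowlist and the group check. Placeholder values are assumptions.
const DASHBOARD_CLIENT_ID = '<YOUR APP ID HERE>';
const ADMIN_EMAILS = ['user1@mail.com', 'user2@mail.com'];
const ADMIN_GROUP = '<YOUR GROUP HERE>';

// Returns true/false for the dashboard, or null when the rule does not apply
// (login to some other application), so the caller passes the user through.
function decideAdmin(user, context) {
  if (context.clientID !== DASHBOARD_CLIENT_ID) {
    return null;
  }
  // Trust the email only once the identity provider has verified it;
  // comparing lower-case avoids a case mismatch locking out a real admin.
  const email = (user.email || '').toLowerCase();
  const byEmail = user.email_verified === true &&
    ADMIN_EMAILS.some(function (allowed) { return allowed.toLowerCase() === email; });
  // user.groups may be missing entirely, so guard before indexOf.
  const groups = Array.isArray(user.groups) ? user.groups : [];
  const byGroup = groups.indexOf(ADMIN_GROUP) > -1;
  return byEmail || byGroup;
}

// The rule in the shape Auth0 expects: function(user, context, callback).
function adminRule(user, context, cb) {
  const decision = decideAdmin(user, context);
  if (decision !== null) {
    user.is_admin = decision; // always a real boolean, never undefined
  }
  return cb(null, user, context);
}

// Helper to exercise the rule locally with a constructed user and context.
function runRule(user, context) {
  let result = null;
  adminRule(user, context, function (err, u) {
    if (err) throw err;
    result = u;
  });
  return result;
}

// Constructed sample logins (not real accounts):
const dashboard = { clientID: DASHBOARD_CLIENT_ID };
console.log(runRule({ email: 'User1@mail.com', email_verified: true }, dashboard).is_admin); // true
console.log(runRule({ email: 'user1@mail.com', email_verified: false }, dashboard).is_admin); // false
console.log(runRule({ email: 'x@mail.com', groups: ['<YOUR GROUP HERE>'] }, dashboard).is_admin); // true
console.log(runRule({ email: 'user1@mail.com', email_verified: true }, { clientID: 'other-app' }).is_admin); // undefined
```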
The second rule uses the role configuration of the dashboard to enforce access. This rule calls an API that is part of the dashboard itself to check access against the role configuration and the user's roles/groups. You can find the source of this rule in the repository.