Page tree
Skip to end of metadata
Go to start of metadata

 

accessPermission is router parameter, which limits the usage of the route to users who are member of listed group(s) or have listed role(s)

 

Example

router.POST('customers/{id}') {
    strategy(DOCUMENT_FROM_VIEW_BY_KEY) {
        keyVariableName("{id}")
        viewName("customerById")
    }
    accessPermission "[CustomerService]"
    mapJson "company", json:'company',type:'STRING'
    mapJson "fdFirstName", json:'firstname', type:'STRING'
    events VALIDATE: {
        context -> 
        //Accessing the payload
        json = context.getJsonPayload()
        //Accessing the JsonObject
        id = json.getJsonProperty('id')
        if (id == '') {
            context.throwException("ID should not be null or empty")
        }
    }
}

In this case, POSTing to URL http://server.name/path-to/db.nsf/xsp/.xrest/customers/123 will be allowed only for users with role [CustomerService]

  • No labels