Skip to Content
author's profile photo Sunoj Michael
0
Sunoj Michael

Implement Authorization for $batch request XSJS

Posted on Jul 11, 2020 at 03:22 PM 71 Views

Hi,

I have an oData on SCP Cloud foundry XSA.

I want to implement authorization check for $batch request. Basically i am having express + passport for the user auth related aspects.

A set of users have GET privilege, another set have update prevliage etc.

The logics works perfectly fine for GET/PUT/POST/DELETE request.

But for $batch as we know its at POST request with multiple request in request body. It can be a GET/PUT etc.

So how do we do such a thing?

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • author's profile photo Jhodel Cailan
    Jhodel Cailan
    Posted on Jul 12, 2020 at 05:57 AM
    0

    Hi Sunoj,

    You don't put authorization check on batch request itself. You do the authorization check on those individual CRUD operations that are put inside the batch request.

    Add a comment
    10|10000 characters needed characters exceeded

    • Jhodel Cailan
      Jul 13, 2020 at 01:41 PM

      Wait?! Where did you inject that code? To me, it looks like you have injected a middleware to your XSJS or XSODATA implementation, is this correct assumption?

      If you are using XSJS just like what you mentioned on the title of your post, the parsing of the body of the $batch request is already handled by the XSODATA framework and you shouldn't really bother yourself about parsing it yourself. The only thing you need to do is use the XSJS event hooks (before, on, and after events) that the framework provided to you.

    Comment on This Answer
  • author's profile photo Sunoj Michael
    Sunoj Michael
    Posted on Jul 14, 2020 at 10:30 AM
    0

    Yes Jhodel.

    We have a middleware+ passport in server.js file. and process some of the odata request there - which is needed.

    My only issue was with $batch, I can have validation exits like you said.

    But do the hook evens trigger for GET requests[I would be bypassing the $batch from server.js].

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.