The name of the field in the input object that contains the resource ID.
A condition function that takes input and authentication context, and returns a Promise resolving to a boolean.
If the user is not authenticated, the resource ID is missing, the resource is not found, or the user does not own the resource.
// Ensure setResourceProvider is called at application startup:
// setResourceProvider(async (resourceId: string) => {
// // Your logic to fetch resource from DB/API
// return { id: resourceId, userId: "owner123" };
// });
class DocumentService {
@contract({
requires: [owns("documentId")],
})
async editDocument(input: { documentId: string; content: string }, context: AuthContext) {
// Only the owner of the document (or an admin) can edit it
console.log(`User ${context.user?.id} editing document ${input.documentId}`);
}
}
Creates an ownership check condition. This condition verifies that the authenticated user owns the resource specified by
resourceIdFieldin the input. Admins bypass this check.