🚨 Announcing Vendure v2 Beta

Product

Features

A tour of the core Vendure features

Case studies

How Vendure is being used in real-world projects

Plugins

Official & community plugins

Integrations

Storefronts, payments, infrastructure. Compose your commerce stack

Demo
Live

Try our live Vendure demo now!

Roadmap

Partners

Partner Program

Become a Vendure Partner

Developers

Documentation

Get started in 5 minutes!

Blog

News and technical articles

Allow Decorator

Allow

Package: @vendure/core File: allow.decorator.ts

Attaches metadata to the resolver defining which permissions are required to execute the operation, using one or more Permission values.

In a GraphQL context, it can be applied to top-level queries and mutations as well as field resolvers.

For REST controllers, it can be applied to route handlers.

Allow and Sessions

The @Allow() decorator is closely linked to the way Vendure manages sessions. For any operation or route that is decorated with @Allow(), there must be an authenticated session in progress, which would have been created during a prior authentication step.

The exception to this is when the operation is decorated with @Allow(Permission.Owner). This is a special permission which is designed to give access to certain resources to potentially un-authenticated users. For this reason, any operation decorated with this permission will always have an anonymous session created if no session is currently in progress.

For more information see Understanding Permission.Owner.

Example

 @Allow(Permission.SuperAdmin)
 @Query()
 getAdministrators() {
     // ...
 }
Generated on Mar 22 2023 at 12:55