Returns the level of access that the requestor has to the resources of the method.
The method to be accessed.
The request that wants to access the method.
Protected
isAuthenticatedRequestor
Determines whether a requestor is authenticated.
This method must be overridden in cases where authentication is supported in the API-X; otherwise it'll be assumed that the requestor is not authenticated.
The request containing the identity of the requestor.
A boolean that determines whether the requestor is authenticated.
Protected
isDeniedRequestor
Determines whether a requestor is denied access.
This method can be overridden to deny access to certain requestors, e.g., banned users, bots, users with expired / invalid tokens.
This method can be used to require anything from requestors, e.g., authentication. You can decide what the absolute minimum requirements to access your API are.
The request containing the identity of the requestor.
A boolean that determines whether the requestor is denied access.
Protected
is
Determines whether a requestor is institutional, e.g., an internal company's manager or employee.
This method must be overridden in cases where methods with the Institutional characteristics exist; otherwise it'll be assumed that the requestor is not institutional.
The request containing the identity of the requestor.
A boolean that determines whether the requestor is institutional.
Protected
isInternalRequestor
Determines whether a requestor is an internal user / admin.
This method must be overridden in cases where methods with the Internal characteristics exist; otherwise it'll be assumed that the requestor is not internal / an admin.
The request containing the identity of the requestor.
A boolean that determines whether the requestor is internal / an admin.
Protected
is
Determines whether a requestor is a moderator.
This method must be overridden in cases where methods with the Moderative characteristics exist; otherwise it'll be assumed that the requestor is not a moderator.
The request containing the identity of the requestor.
A boolean that determines whether the requestor is a moderator.
Protected
is
Determines whether a requestor is privileged / special.
This method must be overridden in cases where methods with the Special characteristics exist; otherwise it'll be assumed that the requestor is not privileged.
The request containing the identity of the requestor.
A boolean that determines whether the requestor is privileged.
A class that evaluates a request's access level for a given endpoint method.
This evaluator determines whether a requestor has access to a specific method or resource. Requestors may have fixed access levels, such as Admin for API owners and administrators, or variable access levels based on the resources being accessed.
For example, a user accessing their own resources may be assigned ResourceOwner access, while accessing another user's resources might result in AuthenticatedRequestor or even NoAccess, depending on the restrictions.
To implement more granular control (e.g., banning users, handling bots, or managing authenticated access), subclass this class and implement specific methods like:
isDeniedRequestor: Deny access to certain requestors (e.g., banned users).
isAuthenticatedRequestor: Validate if a requestor is authenticated.
isInternalRequestor: Identify if a requestor is an internal user or admin.
Note: If your API methods have characteristics like Internal, Moderative, or Institutional, you must implement the corresponding methods to evaluate these characteristics correctly. Otherwise, requestors will be assumed not to have the required access.
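The subclassing pattern described above, as an added example that is not API-X's own code: BaseEvaluator is a simplified stand-in for the evaluator, and Req, Method, Level, the session table and the evaluation order are all assumptions made for illustration. It shows that an evaluator without overrides gives no access to an Internal method, and that a denied requestor gets NoAccess even when their session is marked admin.

```typescript
// Stand-in base class (assumption, not API-X's code): three of the page's
// hooks and two method shapes, enough to show the documented defaults.
enum Level { NoAccess, AuthenticatedRequestor, Admin }
interface Req { token?: string }                     // hypothetical request shape
interface Method { name: string; internal: boolean } // internal = "Internal" characteristic

class BaseEvaluator {
  // Documented defaults: nobody is denied, nobody is authenticated or internal.
  protected isDeniedRequestor(_req: Req): boolean { return false; }
  protected isAuthenticatedRequestor(_req: Req): boolean { return false; }
  protected isInternalRequestor(_req: Req): boolean { return false; }

  // Evaluation order is an assumption of this sketch: deny first, then roles.
  evaluate(method: Method, req: Req): Level {
    if (this.isDeniedRequestor(req)) return Level.NoAccess;
    if (this.isInternalRequestor(req)) return Level.Admin;
    if (method.internal) return Level.NoAccess; // Internal method, non-internal caller
    return this.isAuthenticatedRequestor(req)
      ? Level.AuthenticatedRequestor
      : Level.NoAccess; // simplification: this sketch has no public level
  }
}

// Constructed session table standing in for real token validation.
// A Map avoids treating inherited keys such as "constructor" as sessions.
interface Session { admin: boolean; banned: boolean }
const SESSIONS = new Map<string, Session>([
  ["tok-alice", { admin: false, banned: false }],
  ["tok-root", { admin: true, banned: false }],
  ["tok-mallory", { admin: true, banned: true }],
]);

class SessionEvaluator extends BaseEvaluator {
  private lookup(req: Req): Session | undefined {
    return req.token === undefined ? undefined : SESSIONS.get(req.token);
  }
  protected isDeniedRequestor(req: Req): boolean {
    return this.lookup(req)?.banned === true;
  }
  protected isAuthenticatedRequestor(req: Req): boolean {
    return this.lookup(req) !== undefined;
  }
  protected isInternalRequestor(req: Req): boolean {
    return this.lookup(req)?.admin === true;
  }
}

const REPORTS: Method = { name: "reports", internal: true };  // constructed
const PROFILE: Method = { name: "profile", internal: false }; // constructed
```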