Problem: Enforce Role-Based Access on Service Methods
Problem statement
You’re building an internal admin dashboard that both admins and regular users will use, utilizing the same service API. The service provides sensitive methods, such as deleteUser(), that should only be callable by administrators.
Currently, there’s no access control—any role can call any method, which can lead to potential misuse. You need a transparent security layer that enforces role-based access control without modifying the service itself. The Proxy should intercept method calls, check permissions, and block unauthorized actions with a clear error message.
Goal
Wrap the UserService class in a Proxy that allows only admins to call restricted methods while keeping normal methods available to everyone.
Constraints
You must use a Proxy with a get trap.
You cannot add role-check logic inside UserService.
Unauthorized method access should throw an error with the message "Access denied: insufficient permissions".
The Proxy should behave normally for allowed methods.
Sample output
The examples below illustrate what the output should look like:
// Example usage 1: Admin user
const adminService = createSecureService('admin');
console.log(adminService.getUser());
/* Expected output:
User data retrieved
*/
console.log(adminService.deleteUser());
/* Expected output:
User deleted
*/

// Example usage 2: Guest user
const guestService = createSecureService('guest');
console.log(guestService.getUser());
/* Expected output:
User data retrieved
*/
try {
  console.log(guestService.deleteUser());
} catch (err) {
  console.error(err.message);
}
/* Expected console error:
Access denied: insufficient permissions
*/
Good luck trying the problem! If you’re unsure how to proceed, check the “Solution” tab above.
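One way to satisfy the constraints above, as an added example rather than the page's own solution. The UserService body, the RESTRICTED set and the helper demo() are assumptions built from the sample output; the permission check runs at call time, so a method reference pulled off the proxy is still guarded.

```javascript
// Assumed stand-in for the page's UserService; it contains no role logic.
class UserService {
  getUser() { return 'User data retrieved'; }
  deleteUser() { return 'User deleted'; }
}

// Assumed list of admin-only methods (the page names deleteUser()).
const RESTRICTED = new Set(['deleteUser']);

function createSecureService(role) {
  const target = new UserService();
  return new Proxy(target, {
    get(obj, prop, receiver) {
      const value = Reflect.get(obj, prop, receiver);
      // Non-function properties pass through unchanged.
      if (typeof value !== 'function') return value;
      // Wrap every method so the check happens when it is called,
      // not only when the property is read.
      return function (...args) {
        if (RESTRICTED.has(prop) && role !== 'admin') {
          throw new Error('Access denied: insufficient permissions');
        }
        // Call against the real target so `this` inside the service is correct.
        return value.apply(obj, args);
      };
    },
  });
}

// Hypothetical helper: exercises both roles against both methods.
function demo() {
  const out = [];
  for (const role of ['admin', 'guest']) {
    const svc = createSecureService(role);
    for (const method of ['getUser', 'deleteUser']) {
      try {
        out.push(`${role}.${method}: ${svc[method]()}`);
      } catch (err) {
        out.push(`${role}.${method}: ${err.message}`);
      }
    }
  }
  return out;
}

console.log(demo().join('\n'));
```

The proxy only protects callers that hold the proxy, so the raw UserService instance must never be handed out, and the role passed to createSecureService should come from the authenticated session rather than from caller-supplied input.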