Comments (8)
You could do something like:
- Add an owner field to the model:
    owner: { type: Schema.Types.ObjectId, ref: 'User' },
- Edit your controllers and pass req.user to the service functions:
    const createTransfer = catchAsync(async (req, res) => {
      const transfer = await transferService.createTransfer(req.body, req.user);
      res.status(httpStatus.CREATED).send(transfer);
    });
  same for other controllers...
- Edit services:
  Set owner on creation
    const createTransfer = async (transferBody, user) => {
      const refinedTransfer = transferBody;
      // Owner comes from the authenticated user, never from the request body
      refinedTransfer.owner = user._id;
      const transfer = await Transfer.create(refinedTransfer);
      return transfer;
    };
  Only return own entries unless the user is admin
    const getTransferById = async (id, user) => {
      if (user.role !== 'admin') {
        // Filter on _id: Mongoose's `id` is a virtual getter, not a stored field
        return Transfer.findOne({ _id: id, owner: user._id });
      }
      return Transfer.findById(id);
    };
from node-express-boilerplate.
You can simply pass req.user as a parameter in your controllers and then use it in your services.
from node-express-boilerplate.
Hey @adrian-filipow, and thank you for your quick help, but console.log(req.user) inside my controller shows undefined.
from node-express-boilerplate.
I think it should give you a result if the route is using the auth middleware.
Can you show your code?
from node-express-boilerplate.
Okay, @adrian-filipow you're a star!! It's the auth setup that's messing with me. It's beautiful to look at, but with my lack of experience I'm getting hiccups. After doing this in the config/roles.js file it works:
    const roles = ['user', 'admin'];
    const roleRights = new Map();
    roleRights.set(roles[0], ['getUsers']);
    roleRights.set(roles[1], ['getUsers', 'manageUsers']);
    module.exports = {
      roles,
      roleRights,
    };
However, I'm trying to create a transaction! I want to explicitly set the transferFrom to be the req.user and only req.user unless initiated by admin. I don't want users to be able to create transfers from another user.
Would the below be adequate:
    const roles = ['user', 'admin'];
    const roleRights = new Map();
    roleRights.set(roles[0], ['createTrx']);
    roleRights.set(roles[1], ['getUsers', 'manageUsers']);
    module.exports = {
      roles,
      roleRights,
    };
from node-express-boilerplate.
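The owner check from the first answer and the role configuration asked about above, as an added example that is not part of the thread or of node-express-boilerplate: a role right such as createTrx only gates the endpoint, while binding transferFrom to req.user has to happen in the service. A plain array stands in for the Mongoose Transfer model; the users, ids, transferTo/amount fields and the admin's createTrx right are assumptions.

```javascript
// Added example: a plain array stands in for the Mongoose Transfer model.
const roleRights = new Map([
  ['user', ['createTrx']],
  ['admin', ['createTrx', 'getUsers', 'manageUsers']], // assumption: admin may also create
]);
const transfers = [];
let nextId = 1;

// Role check: may this role call the endpoint at all?
const hasRight = (user, right) => (roleRights.get(user.role) || []).includes(right);

// Ownership is bound server-side. A client-supplied transferFrom is honoured
// only for admins; for everyone else it is overwritten with user._id.
function createTransfer(body, user) {
  if (!hasRight(user, 'createTrx')) throw new Error('Forbidden');
  const isAdmin = user.role === 'admin';
  const transferFrom = isAdmin && body.transferFrom ? body.transferFrom : user._id;
  const transfer = {
    _id: String(nextId++),
    transferFrom,
    transferTo: body.transferTo,
    amount: body.amount,
    owner: user._id,
  };
  transfers.push(transfer);
  return transfer;
}

// Object-level check: non-admins can only read transfers they own.
function getTransferById(id, user) {
  const found = transfers.find((t) => t._id === id);
  if (!found) return null;
  if (user.role !== 'admin' && found.owner !== user._id) return null;
  return found;
}

// Constructed users for the demonstration.
const alice = { _id: 'u-alice', role: 'user' };
const bob = { _id: 'u-bob', role: 'user' };
const admin = { _id: 'u-admin', role: 'admin' };

// Alice submits a body naming Bob as the source; the field is overwritten.
const forged = createTransfer({ transferFrom: bob._id, transferTo: 'u-carol', amount: 5 }, alice);
console.log(forged.transferFrom);
console.log(getTransferById(forged._id, bob));
```
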
You mean you want to restrict access to a transfer to its owner, correct?
from node-express-boilerplate.
@adrian-filipow don't forget to include an Ethereum address. I owe you when I get this done!
from node-express-boilerplate.
@adrian-filipow nice one there!
from node-express-boilerplate.