req.user object about node-express-boilerplate HOT 8 CLOSED

You could do something like:

1. Add a owner field to the model:

owner: { type: Schema.Types.ObjectId, ref: 'User' },

2. Edit your controllers and pass req.user to the service functions:

const createTransfer = catchAsync(async (req, res) => {
  const transfer = await transferService.createTransfer(req.body, req.user);
  res.status(httpStatus.CREATED).send(transfer);
});

same for other controllers...

3. Edit services:

Set owner on creation

const createTransfer = async (transferBody, user) => {
  const refinedTransfer = transferBody;
  refinedTransfer.owner = user._id;
  const transfer = await Transfer.create(refinedTransfer);
  return transfer;
};

Only return own entries unless the user is admin

const getTransferById = async (id, user) => {
  if (user.role !== 'admin') {
    return Transfer.findOne({ id, owner: user._id });
  }
  return Transfer.findById(id);
};

from node-express-boilerplate.

You can simply pass req.user as a parameter in your controllers and then use it in your services.

from node-express-boilerplate.

hey @adrian-filipow and thank you for your quick help but console.log(req.user) inside my controller shows undefined

from node-express-boilerplate.

I think it should give you a result if the route is using the auth middleware.

Can you show your code ?

from node-express-boilerplate.

Okay, @adrian-filipow your a star!! Its the auth setup thats messing with me. Its beautiful to look at but with my lack of experience I'm getting hiccups. After doing this in the config/roles.js file it works:

const roles = ['user', 'admin'];

const roleRights = new Map();
roleRights.set(roles[0], ['getUsers']);
roleRights.set(roles[1], ['getUsers', 'manageUsers']);

module.exports = {
  roles,
  roleRights,
};

However Im trying to create a transaction! I want to explicitly set the transferFrom to be the req.user and only req.user unless initiated by admin. I dont want users to be able to create transfers from another user.

Would the below be adequate:

const roles = ['user', 'admin'];

const roleRights = new Map();
roleRights.set(roles[0], ['createTrx']);
roleRights.set(roles[1], ['getUsers', 'manageUsers']);

module.exports = {
  roles,
  roleRights,
};

from node-express-boilerplate.

You mean you want to restrict access to a transfer to its owner, correct?

from node-express-boilerplate.

@adrian-filipow don't forget to include an Ethereum address. I owe you when I get this done!

from node-express-boilerplate.

@adrian-filipow nice one there!

from node-express-boilerplate.