节点 - 多个角色无法正常工作的路由器
我有4个角色:普通用户是auth,然后支持,管理员,masteradmin 在我刚刚拥有用户和管理员之前,每个请求都很好。 现在,我添加了支持和MasterAdmin,并在您获得支持,管理员或MasterAdmin时尝试获取请求。
const router = require('express').Router();
const paymentCtrl = require('../controllers/paymentCtrl');
const auth = require('../middleware/auth');
const authAdmin = require('../middleware/authAdmin');
const authMasterAdmin = require('../middleware/authMasterAdmin');
const authSupport = require('../middleware/authSupport');
router
.route('/payment')
.get(auth, authSupport || authMasterAdmin || authAdmin, paymentCtrl.getPayments)
.post(auth, paymentCtrl.createPayPalPayment);
例如admin,MasterAdmin与用户的其他数字相同。
const Users = require('../models/userModel');
const support = async (req, res, next) => {
try {
const user = await Users.findOne({ _id: req.user.id });
if (user.role !== 2)
return res.status(500).json({ msg: 'Support resources access denied.' });
next();
} catch (err) {
return res.status(500).json({ msg: err.message });
}
};
module.exports = support;
问题是我获得“支持资源访问权限拒绝”。当我的用户是管理员或MasterAdmin时。 逻辑或“ ||”似乎不起作用。 当这些角色之一(支持,管理员或万事程)是正确的时,我如何使请求可以使请求起作用?
I've 4 roles: Normal User is auth, then Support, Admin, MasterAdmin
Before i just had User and Admin and every request went fine.
Now i added Support and MasterAdmin and try to get the the request when you are either Support, Admin or MasterAdmin.
const router = require('express').Router();
const paymentCtrl = require('../controllers/paymentCtrl');
const auth = require('../middleware/auth');
const authAdmin = require('../middleware/authAdmin');
const authMasterAdmin = require('../middleware/authMasterAdmin');
const authSupport = require('../middleware/authSupport');
router
.route('/payment')
.get(auth, authSupport || authMasterAdmin || authAdmin, paymentCtrl.getPayments)
.post(auth, paymentCtrl.createPayPalPayment);
authSupport for example admin, MasterAdmin same just with other number for user.role
const Users = require('../models/userModel');
const support = async (req, res, next) => {
try {
const user = await Users.findOne({ _id: req.user.id });
if (user.role !== 2)
return res.status(500).json({ msg: 'Support resources access denied.' });
next();
} catch (err) {
return res.status(500).json({ msg: err.message });
}
};
module.exports = support;
The Problem is im getting "Support resources access denied." when my User is Admin or MasterAdmin.
The logical or "||" seems not to work.
Any ideas how i can make the request work when just one of those roles (Support, Admin or MasterAdmin) is true?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您不能使用||要将中间件传递到路由器功能,您正在比较中间Wares,而不是其结果。
因此,您应该创建另一个中间件,您可以将其传递一系列允许的角色。
这样的东西
You cannot use || to pass a middleware to a router function, you are comparing the middlewares, not its results.
So you should create another middleware which you can pass an array of allowed roles.
Something like this