How to manage roles in Node.js?

Posted on 2025-02-12 23:09:40

I have three distinct categories of users in the auth model, as follows:

accountType: {
    type: String,
    required: true,
    trim: true,
    default: "user",
    enum: ["merchant", "user", "provider"],
  }

Now I want to simply let the merchant upload the parking information. Here is the query:

exports.parkingAdd = async (req, res) => {
    try {
        const { parkingName, price, address, name, phoneNumber, about, parkingType, city, state, zipCode } = req.body;
        const check_exist = await Auth.findById(req.data.id);
        if (!check_exist) return res.status(404).json({ error: 'User not found' })

        let new_parking = new Parking({
            merchantId: req.data.id,
            parkingName,
            price,
            contactInfo: {
                name,
                phoneNumber
            },
            about,
            parkingType,
            address: {
                address,
                city,
                state,
                zipCode
            }
        });
        const save = await new_parking.save();
        return res.status(200).json({
            success: true,
            msg: "Parking has been added successfully",
            data: { parkingDetails: save },
        });
    }
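    catch (error) {
        // Send a response so the request does not hang when something throws
        return res.status(500).json({ error: error.message });
    }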
}

How can I change the above request so that only the merchant may upload the information regarding parking details? Right now a normal user is able to add the details regarding parking as well.
I want to restrict this.

routing.post("/parking/add",middleware.authenticateToken,merchant.parkingAdd);


Comments (2)

狼性发作 2025-02-19 23:09:40

Suppose the logged-in user has accountType in his session,

const authenticateToken=(req,res,next)=>{
  if(req.user.accountType !== "merchant"){
      return res
        .status(403)
        .json({status: false, message:"Forbidden"})
  }
  next();
}
exports.authenticateToken=authenticateToken;

牛↙奶布丁 2025-02-19 23:09:40

Ok, I found the solution as well.
In the query it should be

if (check_exist.accountType !== "merchant")
  return res
    .status(401)
    .json({
      error: "You must be a merchant user to post the parking details",
    });
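
The role check from the two answers above, written as a reusable middleware that runs after `authenticateToken`; this is an added example, not code from the original posts. `requireRole`, `roleDecision`, `findAccountById` and `req.account` are hypothetical names, and the example assumes `req.data.id` is set by `authenticateToken` as in the question. It answers 401 when no account is found and 403 when the account has the wrong role.

```javascript
// Added example. Hypothetical names: requireRole, roleDecision, findAccountById.
const ACCOUNT_TYPES = ["merchant", "user", "provider"]; // enum from the question's schema

// Pure decision: returns null when allowed, otherwise the status/body to send.
function roleDecision(account, allowedRoles) {
  if (!account) {
    return { status: 401, body: { error: "Authentication required" } };
  }
  // Fail closed: a missing or unexpected accountType is never allowed.
  if (!allowedRoles.includes(account.accountType)) {
    return { status: 403, body: { error: "Forbidden" } };
  }
  return null;
}

// Middleware factory. findAccountById is injected; with the question's
// Mongoose model it would be (id) => Auth.findById(id).
function requireRole(allowedRoles, findAccountById) {
  // Reject typos such as "merchnat" when routes are registered, not per request.
  const unknown = allowedRoles.filter((r) => !ACCOUNT_TYPES.includes(r));
  if (allowedRoles.length === 0 || unknown.length > 0) {
    throw new Error("requireRole: invalid roles: " + JSON.stringify(unknown));
  }
  return async function (req, res, next) {
    try {
      // req.data.id is set by authenticateToken in the question's code.
      const id = req.data && req.data.id;
      // Read the current role from the store so a role change or account
      // deletion takes effect even while an older token is still valid.
      const account = id ? await findAccountById(id) : null;
      const denied = roleDecision(account, allowedRoles);
      if (denied) return res.status(denied.status).json(denied.body);
      req.account = account; // handlers can reuse it instead of querying again
      return next();
    } catch (err) {
      return next(err); // let the Express error handler answer
    }
  };
}

// Wiring, shown as a comment because it needs the question's app objects:
// routing.post("/parking/add", middleware.authenticateToken,
//   requireRole(["merchant"], (id) => Auth.findById(id)), merchant.parkingAdd);
```

Keeping the check in the route definition makes it visible which endpoints are merchant-only, and a route that forgets it is easier to spot in review than a missing `if` inside a handler.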