how to check the authenticated user is doing the changes

问题内容:

authentication.js

exports.roleAuth = function(req, res, next) {
    var token = req.query.authToken;
    var authPage = req.query.authPage;
    var page_permission = req.query.permission;
    if (!token || !authPage || !page_permission || (page_permission != 'read' && page_permission != 'write')) {
        return res.status(401).send({
            status: 401,
            data: 'Please provide token and authPage and page_permission'
        });
    } else {
        db.query('select * from users u inner join role_mapping rm on u._id = rm.user_id inner join roles r on r._id = rm.role_id where u.token = $1 AND u."tokenExpires" > $2', [token, moment().utc().toDate()], function(err, user) {
            if (err) return next(err);
            if (user.rows.length == 0) {
                return res.status(401).send({
                    error: "User not found"
                })
            } else {
                var roleType = user.rows[0].role_name;
                if (!roleType) {
                    return res.status(401).send({
                        status: 401,
                        data: 'You dont have permission'
                    })
                } else if (roleType == 'admin') {
                    console.log(roleType == 'admin')
                    return next();
                } else {
                    var prm = permission[roleType];
                    if (prm) {
                        var prmPage = prm[authPage];
                        if (prmPage) {
                            var finalCond = prmPage[page_permission];
                            if (finalCond) {
                                return next();
                            } else {
                                return res.status(401).send({
                                    status: 401,
                                    data: 'You dont have permission'
                                })
                            }
                        } else {
                            return res.status(401).send({
                                status: 401,
                                data: 'You dont have permission'
                            })
                        }
                    } else {
                        return res.status(401).send({
                            status: 401,
                            data: 'You dont have permission'
                        })
                    }
                }
            }
        })
    }
}

here I am trying to check the authenticated user is deleting the guidecategory.

category.js

function deleteGuideCategory(req, res, next) {
    db.query('SELECT * FROM guide_categories WHERE _id = $1', [req.params._id], function(err, result) {
        if (err) return next(err);
        if (result.rows.length == 0) {
            return res.status(404).send({
                status: 404,
                data: "guide category not found"
            });
        } else {
            db.query('DELETE FROM guide_categories WHERE _id = $1 RETURNING *', [req.params._id], function(err, guide_cat) {
                if (err) return next(err);
                return res.status(200).send({
                    status: "guide category deleted successfully",
                    data: guide_cat.rows
                });
            });
        }
    });
}

 router.delete('/delGuideCategory/:_id', roleAuth, deleteGuideCategory);

how can I find that the currently logged in user is making the changes to the guide category or any other user? If one user is trying to change the data of
the other it must show the error message. Is this possible??

问题评论:

原文地址:

https://stackoverflow.com/questions/47752542/how-to-check-the-authenticated-user-is-doing-the-changes

添加评论

友情链接:蝴蝶教程