logaretm · September 6, 2017 03:07
diff --git a/ProductResponseFilter.js b/ProductResponseFilter.js
 const prepare = (req, res, next) => {
  // not signed in, sees published things only.
  if (!req.user) {
    req.query.status = 'published';
  }

  // signed in and is admin, see whatever he wants.
  if (req.user && req.user.isAdmin()) {
    return next();
  }

  // signed in and isn't the owner, sees the published ones.
  if (req.user && req.query._author !== String(req.user._id)) {
    req.query.status = 'published';
  }

  // singed in and is the owner, can see whatever he wants.
  next();
 };

 // the route uses the prepare middleware to adjust visibility and whatever
 router.get('/', prepare, async (req, res) => {
  const products = await Paginator.paginate(
    req,
    Product.find(req.query, props).populate('_author _category', populateFields)
  );

  res.json({
    products
  });
 });
	const prepare = (req, res, next) => {
	// not signed in, sees published things only.
	if (!req.user) {
	req.query.status = 'published';
	}

	// signed in and is admin, see whatever he wants.
	if (req.user && req.user.isAdmin()) {
	return next();
	}

	// signed in and isn't the owner, sees the published ones.
	if (req.user && req.query._author !== String(req.user._id)) {
	req.query.status = 'published';
	}

	// singed in and is the owner, can see whatever he wants.
	next();
	};

	// the route uses the prepare middleware to adjust visibility and whatever
	router.get('/', prepare, async (req, res) => {
	const products = await Paginator.paginate(
	req,
	Product.find(req.query, props).populate('_author _category', populateFields)
	);

	res.json({
	products
	});
	});