Created
September 6, 2017 03:07
-
-
Save logaretm/f8f7a45ef93c5d7e518fba092391e589 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const prepare = (req, res, next) => { | |
// not signed in, sees published things only. | |
if (!req.user) { | |
req.query.status = 'published'; | |
} | |
// signed in and is admin, see whatever he wants. | |
if (req.user && req.user.isAdmin()) { | |
return next(); | |
} | |
// signed in and isn't the owner, sees the published ones. | |
if (req.user && req.query._author !== String(req.user._id)) { | |
req.query.status = 'published'; | |
} | |
// singed in and is the owner, can see whatever he wants. | |
next(); | |
}; | |
// the route uses the prepare middleware to adjust visibility and whatever | |
router.get('/', prepare, async (req, res) => { | |
const products = await Paginator.paginate( | |
req, | |
Product.find(req.query, props).populate('_author _category', populateFields) | |
); | |
res.json({ | |
products | |
}); | |
}); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment