node.js - nodejs passport - use same routes in api but return different sets of data based on permissions -

-



not sure of clean way go his. let's have endpoint:

get /api/books/

for user on webservice, return only user's resources. might little this:

exports.getbooks = function(req, res) {   // find books user   bookmodel.find({ userid: req.user._id }, function(err, books) {     if (err)       res.send(err);      res.json(books);   }); };

the web service using api needs user logged in first. can achieve using basic passport strategy ensure authentication. let's have admin account needs see books ever recorded. what's more admin account , user accounts have different properties assigning boolean permissions not enough. using same endpoint:

get /api/books

i see no reason write endpoint achieve this. difference this:

exports.getbooks = function(req, res) {    // find books in database    bookmodel.find({}, function(err, books) {      if (err)        res.send(err);       res.json(books);    });  };

however cannot come clean way achieve while using passport middlewear intended so:

router.route('/books')   .post(authcontroller.isauthenticated, bookcontroller.postbooks)   .get(authcontroller.isauthenticated, bookcontroller.getbooks);

the function isauthenticated will verify whether or not user requesting resources has permission , not change way controller behaves. i'm open ideas.

answer

the user @zerocho suggested check user properties in req.user object determine should sent back. more simple expected. in implementation passport.basicauth strategy, check table has matching doc. once user found in common user or admin user table add property in ismatch return object. 

   // basic strategy users    passport.use('basic', new basicstrategy(       function(email, password, done) {        verifyuserpassword(email, password,     function(err, ismatch) {       if(err) { return done(err); }        // password did not match       if(!ismatch) { return done(null, false); }        // success       var userinfo = {         email: email,         isadmin: ismatch.isadmin || false,         businessid: ismatch.businessid || false       };        return done(null, userinfo);     });   })     );

then can check if .isadmin or .businessid valid in requests.

just separate controller if statement

exports.getbooks = function(req, res) {   if (req.user.isadmin) { // or other code check user admin     // find books in database     bookmodel.find({}, function(err, books) {       if (err)         res.send(err);       res.json(books);     });   } else {     bookmodel.find({ userid: req.user._id }, function(err, books) {       if (err)         res.send(err);       res.json(books);     });   } };




wiki

Comments

Post a Comment

Popular posts from this blog

Asterisk AGI Python Script to Dialplan does not work -

-
i'm stuck project have check database of sip extension incoming caller id , dial sip extension. below receive when run script on asterisk cli. -- registered sip '9125' @ 192.168.1.102:50142 > saved useragent "zoiper rv2.8.40" peer 9125 [2017-08-22 13:53:33] notice[5095]: chan_sip.c:24558 handle_response_peerpoke: peer '9125' reachable. (17ms / 2000ms) == using sip rtp tos bits 184 == using sip rtp cos mark 5 -- executing [0112617769@from-trunk:1] answer("sip/obitrunk1-0000000d", "") in new stack > 0x1ca50d0 -- probation passed - setting rtp source address 192.168.1.98:16834 -- executing [0112617769@from-trunk:2] agi("sip/obitrunk1-0000000d", "test.py") in new stack -- launched agi script /var/lib/asterisk/agi-bin/test.py args: ['/var/lib/asterisk/agi-bin/test.py'] env line: agi_request: test.py env line: agi_channel: sip/obitrunk1-0000000d env line: agi_language: en env line: a
Read more

python - Read npy file directly from S3 StreamingBody -

-
i have many .npy (numpy) , .json files saved in s3, need download , load these files. for json files downloading files , loading dictionary using following code: obj = s3.object(bucket, key) response = obj.get() body = response['body'].read().decode('utf-8') data = json.loads(body) that way avoid writing .json file disk , reading it. now want same .npy files, equivalent? currently downloading file, saving temp file on disk , loading np.load avoid if possible. following https://stackoverflow.com/a/28196540/3509999 : obj = s3.object(bucket, key) io.bytesio(obj.get()["body"].read()) f: # rewind file f.seek(0) arr = np.load(f) wiki
Read more

kotlin - Out-projected type in generic interface prohibits the use of metod with generic parameter -

-
i start using kotlin , defined interface this: interface aadapter<vh : recyclerview.viewholder> { fun oncreateaviewholder(parent: viewgroup): vh fun onbindaviewholder(v: vh, position: int) } and when try use on code: class klasa ( private val adapter: aadapter<*> ) { fun dosth(){ //... val vh = this.adapter.oncreateaviewholder(parent) //on below line error adapter.onbindaviewholder(v, position) //... } } i error out-projected type 'aadapter<*>' prohibits use of 'public abstract fun onbindaviewholder(v: t, position: int): unit i tied add "in" or "out" definition i'm confused. how allow it. replace aadapter<*> aadapter<recyclerview.viewholder> . class klasa ( private val adapter: aadapter<recyclerview.viewholder> ) { // ... because have declared aadapter has type parameter vh type subclass of recyclerview.
Read more