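/**
 * Express middleware: lets the request continue only when the authenticated
 * user is an administrator or is the user named by the `:id` route parameter.
 *
 * Responds 401 when no user is attached to the request, and 403 when the user
 * is neither an administrator nor the owner of the targeted record.
 *
 * @param {object} req - Express request; reads `req.user` and `req.params.id`.
 * @param {object} res - Express response, used only to send the denial.
 * @param {Function} next - Called with no arguments when access is granted.
 * @returns {void}
 */
function checkIsConcernedUserOrAdmin(req, res, next) {
  const user = req.user; // User is set by Passport
  const userIdParam = req.params.id;

  // Without this guard an unauthenticated request throws a TypeError on the
  // property reads below instead of being denied explicitly.
  if (!user) {
    res.status(401).json({ error: 'Unauthorized' });
    return;
  }

  const isAdmin = user.isAdmin === true;

  // `_id` may be an ObjectId-like value rather than a string (the user model is
  // not visible here), in which case `===` against the route string never
  // matches. Compare string forms, but only when both sides are really present:
  // a missing `_id` must never match a literal "undefined" or "null" parameter.
  const isConcernedUser =
    user._id != null &&
    typeof userIdParam === 'string' &&
    String(user._id) === userIdParam;

  if (!isAdmin && !isConcernedUser) {
    res.status(403).json({ error: 'Forbidden' });
    return;
  }

  next();
}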
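/**
 * Express middleware: lets the request continue only when the authenticated
 * user has `isAdmin` set to exactly `true`.
 *
 * Responds 401 when no user is attached to the request, and 403 when the user
 * is not an administrator.
 *
 * @param {object} req - Express request; reads `req.user`.
 * @param {object} res - Express response, used only to send the denial.
 * @param {Function} next - Called with no arguments when access is granted.
 * @returns {void}
 */
function checkIsAdmin(req, res, next) {
  const user = req.user; // User is set by Passport

  // Without this guard an unauthenticated request throws a TypeError on
  // `user.isAdmin` instead of being denied explicitly.
  if (!user) {
    res.status(401).json({ error: 'Unauthorized' });
    return;
  }

  // Strict comparison on purpose: truthy values such as 'true' or 1 do not
  // grant administrator access.
  if (user.isAdmin !== true) {
    res.status(403).json({ error: 'Forbidden' });
    return;
  }

  next();
}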
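/**
 * Express middleware: lets the request continue only when the authenticated
 * user has `isAgent` set to exactly `true`.
 *
 * Responds 401 when no user is attached to the request, and 403 when the user
 * is not an agent. Administrators get no implicit pass here; only the
 * `isAgent` flag is consulted.
 *
 * @param {object} req - Express request; reads `req.user`.
 * @param {object} res - Express response, used only to send the denial.
 * @param {Function} next - Called with no arguments when access is granted.
 * @returns {void}
 */
function checkIsAgent(req, res, next) {
  const user = req.user; // User is set by Passport

  // Without this guard an unauthenticated request throws a TypeError on
  // `user.isAgent` instead of being denied explicitly.
  if (!user) {
    res.status(401).json({ error: 'Unauthorized' });
    return;
  }

  // Strict comparison on purpose: only a boolean `true` grants agent access.
  if (user.isAgent !== true) {
    res.status(403).json({ error: 'Forbidden' });
    return;
  }

  next();
}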
module.exports = { checkIsConcernedUserOrAdmin, checkIsAgent, checkIsAdmin }; |