permissions.js
var express = require('express');
var path = require('path');
var app = express();
var mongoose = require('mongoose');
var User = require('./models/user')
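/**
 * Express middleware that resolves the session's user and gates protected routes.
 *
 * Looks up the user whose e-mail is stored in `req.session.loggedUserEmail`,
 * answers 401 when the requested route needs a privilege the user lacks, and
 * otherwise exposes the user (or `null` for anonymous requests) as `req.user`
 * before calling `next()`.
 *
 * Access rules:
 *   - `/approve`                    requires a user whose `role` is `'admin'`
 *   - `/manuscripts`, `/workspace`  require any signed-in user
 *
 * @param {object} req - Express request; `req.session` may be absent.
 * @param {object} res - Express response, used only to send the 401.
 * @param {Function} next - Called with no argument on success, or with the
 *   error when the user lookup fails.
 * @returns {Promise<void>}
 */
const checkAuth = async function (req, res, next) {
  // Request-local on purpose: an undeclared `user` would be a process-wide
  // global shared by every in-flight request.
  let user = null;

  const sessionEmail = req.session ? req.session.loggedUserEmail : null;

  // Only a non-empty string is used as the query value, so a malformed session
  // entry can never be interpreted as a query operator object.
  if (typeof sessionEmail === 'string' && sessionEmail !== '') {
    try {
      // findOne() resolves to one document or null. find() resolves to an
      // array, which is truthy even when empty and has no `role`, so every
      // check below would misjudge it.
      user = await User.findOne({ email: sessionEmail });
    } catch (err) {
      // Fail closed: a failed lookup must not fall through to next() as if the
      // request were authorised; hand the error to Express instead.
      next(err);
      return;
    }
  }

  // Express matches routes case-insensitively and tolerates a trailing slash
  // unless `case sensitive routing` / `strict routing` are enabled, so the
  // comparison is made on a normalised path to keep the guard and the router
  // in agreement.
  let routePath = String(req.path).toLowerCase();
  let end = routePath.length;
  while (end > 1 && routePath.charCodeAt(end - 1) === 47 /* '/' */) {
    end -= 1;
  }
  routePath = routePath.slice(0, end);

  let allowed = true;
  switch (routePath) {
    case '/approve':
      // Anonymous users are rejected here too instead of dereferencing null.
      allowed = user !== null && user.role === 'admin';
      break;
    case '/manuscripts':
    case '/workspace':
      allowed = user !== null;
      break;
    default:
      break;
  }

  if (!allowed) {
    res.status(401).send('Reached unauthorized page');
    return;
  }

  req.user = user; // to be used along the rest of the middleware
  next();
};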
module.exports = { checkAuth }