New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
req.user object #69
Comments
You can simply pass req.user as a parameter in your controllers and then use it in your services. |
hey @adrian-filipow and thank you for your quick help but console.log(req.user) inside my controller shows undefined |
I think it should give you a result if the route is using the auth middleware. Can you show your code ? |
Okay, @adrian-filipow your a star!! Its the auth setup thats messing with me. Its beautiful to look at but with my lack of experience I'm getting hiccups. After doing this in the config/roles.js file it works:
However Im trying to create a transaction! I want to explicitly set the transferFrom to be the req.user and only req.user unless initiated by admin. I dont want users to be able to create transfers from another user. Would the below be adequate:
|
You mean you want to restrict access to a transfer to its owner, correct? |
You could do something like:
owner: { type: Schema.Types.ObjectId, ref: 'User' },
const createTransfer = catchAsync(async (req, res) => {
const transfer = await transferService.createTransfer(req.body, req.user);
res.status(httpStatus.CREATED).send(transfer);
}); same for other controllers...
Set owner on creation const createTransfer = async (transferBody, user) => {
const refinedTransfer = transferBody;
refinedTransfer.owner = user._id;
const transfer = await Transfer.create(refinedTransfer);
return transfer;
}; Only return own entries unless the user is admin const getTransferById = async (id, user) => {
if (user.role !== 'admin') {
return Transfer.findOne({ id, owner: user._id });
}
return Transfer.findById(id);
}; |
@adrian-filipow don't forget to include an Ethereum address. I owe you when I get this done! |
@adrian-filipow nice one there! |
Hello and thanks once again! the req.user object is showing undefined. Whats the most convenient way to get hold of this to use in my .services.js? Do i use the verifyToken function then pull it from there or is it being attached somewhere else?
The text was updated successfully, but these errors were encountered: