req.user object #69

Closed
pxl-live opened this issue Jan 21, 2021 · 8 comments

@pxl-live

Hello and thanks once again! The req.user object is showing undefined. What's the most convenient way to get hold of this to use in my .services.js? Do I use the verifyToken function then pull it from there, or is it being attached somewhere else?

@adrian-filipow

You can simply pass req.user as a parameter in your controllers and then use it in your services.

@pxl-live
Author

Hey @adrian-filipow, and thank you for your quick help, but console.log(req.user) inside my controller shows undefined.

@adrian-filipow

I think it should give you a result if the route is using the auth middleware.

Can you show your code?

@pxl-live
Author

pxl-live commented Jan 21, 2021

Okay, @adrian-filipow you're a star!! It's the auth setup that's messing with me. It's beautiful to look at, but with my lack of experience I'm getting hiccups. After doing this in the config/roles.js file it works:

```javascript
const roles = ['user', 'admin'];

const roleRights = new Map();
roleRights.set(roles[0], ['getUsers']);
roleRights.set(roles[1], ['getUsers', 'manageUsers']);

module.exports = {
  roles,
  roleRights,
};
```

However, I'm trying to create a transaction! I want to explicitly set the transferFrom to be the req.user and only req.user unless initiated by admin. I don't want users to be able to create transfers from another user.

Would the below be adequate:

```javascript
const roles = ['user', 'admin'];

const roleRights = new Map();
roleRights.set(roles[0], ['createTrx']);
roleRights.set(roles[1], ['getUsers', 'manageUsers']);

module.exports = {
  roles,
  roleRights,
};
```

@adrian-filipow

You mean you want to restrict access to a transfer to its owner, correct?

@adrian-filipow

adrian-filipow commented Jan 21, 2021

You could do something like:

1. Add an owner field to the model:

```javascript
owner: { type: Schema.Types.ObjectId, ref: 'User' },
```

2. Edit your controllers and pass req.user to the service functions:

```javascript
const createTransfer = catchAsync(async (req, res) => {
  const transfer = await transferService.createTransfer(req.body, req.user);
  res.status(httpStatus.CREATED).send(transfer);
});
```

Same for other controllers...

3. Edit services:

Set owner on creation

```javascript
const createTransfer = async (transferBody, user) => {
  const refinedTransfer = transferBody;
  // Always take the owner from the authenticated user, overriding any value in the body
  refinedTransfer.owner = user._id;
  const transfer = await Transfer.create(refinedTransfer);
  return transfer;
};
```

Only return own entries unless the user is admin

```javascript
const getTransferById = async (id, user) => {
  if (user.role !== 'admin') {
    // Filter on _id: `id` is a Mongoose virtual, not a stored field, so it cannot be queried
    return Transfer.findOne({ _id: id, owner: user._id });
  }
  return Transfer.findById(id);
};
```
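
Added example, not part of the original thread or the project's code: a role right such as `createTrx` only decides whether a role may call the route, while the sender has to be taken from the authenticated user inside the service. The in-memory `transfers` map stands in for the Mongoose model, and `hasRight`, the `transferFrom` handling, the admin's `createTrx` right and the sample users are assumptions.

```javascript
// In-memory stand-in for the Mongoose Transfer model (assumption of this example).
const transfers = new Map();
let nextId = 1;

// Role rights in the shape of config/roles.js from the thread.
// Granting 'createTrx' to admin as well is an assumption of this example.
const roleRights = new Map([
  ['user', ['createTrx']],
  ['admin', ['getUsers', 'manageUsers', 'createTrx']],
]);

const hasRight = (user, right) => (roleRights.get(user.role) || []).includes(right);

// The right only answers "may this role create transfers at all?".
// Who the transfer is from is decided here, from the authenticated user,
// never from the request body, unless the caller is an admin.
function createTransfer(body, user) {
  if (!hasRight(user, 'createTrx')) {
    throw new Error('Forbidden');
  }
  const { owner, transferFrom, ...rest } = body; // drop client-supplied identity fields
  const from = user.role === 'admin' && transferFrom ? transferFrom : user.id;
  const transfer = { ...rest, id: String(nextId++), owner: user.id, transferFrom: from };
  transfers.set(transfer.id, transfer);
  return transfer;
}

// Non-admins only ever see their own transfers; a foreign id looks like "not found".
function getTransferById(id, user) {
  const transfer = transfers.get(id);
  if (!transfer) return null;
  if (user.role !== 'admin' && transfer.owner !== user.id) return null;
  return transfer;
}

// Constructed sample users and request bodies.
const alice = { id: 'u1', role: 'user' };
const bob = { id: 'u2', role: 'user' };
const root = { id: 'a1', role: 'admin' };

const spoofed = createTransfer({ transferFrom: 'u2', owner: 'u2', amount: 5 }, alice);
const byAdmin = createTransfer({ transferFrom: 'u2', amount: 7 }, root);
console.log(spoofed.transferFrom, byAdmin.transferFrom, getTransferById(spoofed.id, bob));
```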

@pxl-live
Author

@adrian-filipow don't forget to include an Ethereum address. I owe you when I get this done!

@hagopj13
Owner

@adrian-filipow nice one there!
