我想确保特定链接('新博客')仅供我自己使用(用户名="管理员"),而不是普通大众。我已经写了以下if语句,但它引发了错误:
<% if(currentUser.username = "admin") { %>
<ul class="nav navbar-nav">
<li class="active"><a href="/new"><i class="fa fa-plus" aria-hidden="true"></i> New Blog <span class="sr-only">(current)</span></a></li>
</ul>
<% } %>
我的逻辑在这里出了什么问题?
路线如下:
router.get("/blogs", function(req, res){
Blog.find({}, function(err, blogs){
if(err) {
console.log(err);
} else {
res.render("index", {blogs: blogs});
}
});
});
router.get("/new", function(req, res){
res.render("new");
});
router.get("/blogs/:id", function(req, res){
Blog.findById(req.params.id, function(err, foundBlog){
if(err){
res.redirect("/blogs");
} else {
res.render("show", {blog:foundBlog});
}
});
});
// create route
router.post("/blogs", function(req, res){
req.body.blog.body = req.sanitize(req.body.blog.body);
Blog.create(req.body.blog, function(err, newBlog){
if(err) {
res.render("new");
} else {
res.redirect("/blogs");
}
});
});
// edit route
router.get("/blogs/:id/edit", function(req, res){
// find blog
Blog.findById(req.params.id, function(err, foundBlog){
if(err){
res.redirect("/blogs");
} else {
res.render("edit", {blog: foundBlog});
}
});
});
// update route
router.put("/blogs/:id", function(req,res){
req.body.blog.body = req.sanitize(req.body.blog.body);
Blog.findByIdAndUpdate(req.params.id, req.body.blog, function(err, updatedBlog) {
if(err) {
res.redirect("/");
} else {
res.redirect("/blogs/" + req.params.id);
}
});
});
// delete route
router.delete("/blogs/:id", function(req, res){
Blog.findByIdAndRemove(req.params.id, req.body.blog, function(err, deleteBlog){
if(err) {
res.redirect("/blogs");
} else {
res.redirect("/blogs");
}
});
});
router.get("/", function(req, res){
res.redirect("/blogs");
})
// reg
router.get("/register", function(req, res){
res.render("register");
});
// signup logic
router.post("/register", function(req, res){
var newUser = new User({username: req.body.username, image: req.body.image});
User.register(newUser, req.body.password, function(err, user){
if(err){
res.redirect("/blogs");
}
passport.authenticate("local")(req, res, function(){
res.redirect("/blogs");
});
});
});
// login form
router.get("/login", function(req, res){
res.render("login");
});
// login logic
router.post("/login", passport.authenticate("local", {
successRedirect: "/blogs",
failureRedirect: "/login",
}));
// logout logic
router.get("/logout", function(req, res){
req.logout();
req.flash("success", "You are now logged out");
res.redirect("/blogs");
});
答案 0 :(得分:1)
验证成功后,Passport会将用户对象附加到快速路由器(req.user)的请求对象。这是通过本地身份验证策略中的done(null,user)实现的。您可以使用户对象检查相应的用户是否确实是管理员。
router.post("/blogs", function(req, res){
req.body.blog.body = req.sanitize(req.body.blog.body);
Blog.create(req.body.blog, function(err, newBlog){
if(err) {
res.render("new", {
// Ternary operator which checks if the user object is empty or not
currentUser: req.user ? req.user.currentUser: '',
// I hope currentUser is present in your Schema object
});
} else {
res.redirect("/blogs");
}
});
然后您可以检查您的视图是否是正确的用户:
<% if(currentUser === "admin") { %>
<ul class="nav navbar-nav">
<li class="active"><a href="/new"><i class="fa fa-plus" aria-hidden="true"></i> New Blog <span class="sr-only">(current)</span></a> </li>
</ul>
<% } %>