@gwuah
Created January 15, 2019 20:01
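const User = require('./authConfig.js');

// Error handed to next() when access is denied. Defined here so the reference
// below resolves; the 403 status is an assumption, swap in your own error type.
class unAuthorizedError extends Error {
  constructor(message = 'Not authorized to access this resource') {
    super(message);
    this.name = 'unAuthorizedError';
    this.status = 403;
  }
}

// Returns Express-style middleware that checks the user's role against `resource`.
function authorizeRequestTo(resource) {
  return function (req, res, next) {
    /*
      This is all on you. You can decide to populate
      the user's rolename on a different variable
      (other than roleName). This is just an example.
    */
    // Fail closed: a request with no authenticated user or role is denied.
    if (!req.user || typeof req.user.role !== 'string') {
      return next(new unAuthorizedError());
    }

    const roleName = req.user.role.toLowerCase();
    const canAccess = User(roleName).canAccess({
      resource: resource.toLowerCase(),
      request: req // request object, from which we extract method and url
    });

    if (canAccess) {
      next();
    } else {
      next(new unAuthorizedError());
    }
  };
}

function authenticateRequest() {
  /* your authentication code here */
}

module.exports = {
  authenticateRequest,
  authorizeRequestTo
};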