11 lines
438 B
JavaScript
11 lines
438 B
JavaScript
import BaseMiddleware from './BaseMiddleware.js';
|
|
export default class FineAuthMiddleware extends BaseMiddleware {
|
|
constructor({ getResourceOwnerId }){ super(); this.getResourceOwnerId=getResourceOwnerId; }
|
|
middleware(){
|
|
return (req,res,next)=>{
|
|
if(req.user.role==='ADMIN') return next();
|
|
if(req.user.userId===this.getResourceOwnerId(req)) return next();
|
|
res.status(403).json({ error:'FORBIDDEN' });
|
|
};
|
|
}
|
|
} |