samuelkarani/user-authorization.js

## user-authorization.js
const ROLES = {...}

// middleware

function checkRole(role) {
  return (req, res, next) => {
    if (req.user.role !== role) {
      res.status(401)
      return res.send('Not allowed')
    }
    next()
  }
}

app.get('/admin', checkRole(ROLE.ADMIN), ... (req, res) => {
  res.send('Admin Page')
})

app.get('/user', checkRole(ROLE.USER), ... (req, res) => {
  res.send('User Page')
})

// scoping

const scope = (user, list) => list.filter(item => {
  if (user.role === ROLE.ADMIN) return true;
  else return item.user.id === user.id)
})

app.get('/', (req, res) => {
  res.json(scope(req.user, req.list))
})
	const ROLES = {...}

	// middleware

	function checkRole(role) {
	return (req, res, next) => {
	if (req.user.role !== role) {
	res.status(401)
	return res.send('Not allowed')
	}
	next()
	}
	}

	app.get('/admin', checkRole(ROLE.ADMIN), ... (req, res) => {
	res.send('Admin Page')
	})

	app.get('/user', checkRole(ROLE.USER), ... (req, res) => {
	res.send('User Page')
	})

	// scoping

	const scope = (user, list) => list.filter(item => {
	if (user.role === ROLE.ADMIN) return true;
	else return item.user.id === user.id)
	})

	app.get('/', (req, res) => {
	res.json(scope(req.user, req.list))
	})