mirror of
https://github.com/sstent/expressmongotest.git
synced 2026-01-25 08:34:53 +00:00
tweakign the isAdmin rules
This commit is contained in:
@@ -4,10 +4,10 @@
|
||||
*/
|
||||
|
||||
var loggedIn = require('./middleware/logged_in');
|
||||
|
||||
var isAdmin = require('./middleware/is_admin');
|
||||
|
||||
module.exports = function(app) {
|
||||
app.get('/', loggedIn, function(req, res){
|
||||
app.get('/', loggedIn, isAdmin, function(req, res){
|
||||
res.render('index', { title: 'Express' });
|
||||
});
|
||||
};
|
||||
@@ -18,7 +18,7 @@ module.exports = function(app) {
|
||||
if (user) {
|
||||
req.session.user = user;
|
||||
console.log("req.session.user= " + JSON.stringify(req.session.user));
|
||||
res.redirect('/users');
|
||||
res.redirect('/users/' + req.session.user.username);
|
||||
} else {
|
||||
res.redirect('/session/new');
|
||||
}
|
||||
|
||||
@@ -51,13 +51,13 @@ module.exports = function(app) {
|
||||
res.render('users/profile', {
|
||||
title: 'User profile',
|
||||
user: req.user,
|
||||
requested: req.params.name,
|
||||
recentArticles: articles
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
app.post('/users', notLoggedIn, function(req, res, next) {
|
||||
console.log("/nreq.body" + JSON.stringify(req.body));
|
||||
User.create(req.body, function(err) {
|
||||
if (err) {
|
||||
if (err.code === 11000) {
|
||||
|
||||
@@ -10,6 +10,3 @@ block content
|
||||
span Author:
|
||||
|
||||
a(href="/users/" + encodeURIComponent(article.author.name))= article.author.name
|
||||
|
||||
p
|
||||
a(href="/articles") Back to all articles
|
||||
@@ -2,8 +2,11 @@ extends ../layout
|
||||
block content
|
||||
h1= user.name
|
||||
|
||||
- if (session.user.)
|
||||
- if (session.user.name === requested)
|
||||
h1 Private View
|
||||
p= session.user.name
|
||||
p= requested
|
||||
|
||||
- else
|
||||
h1 Public View
|
||||
|
||||
@@ -13,10 +16,3 @@ block content
|
||||
li
|
||||
a(href="/articles/" + encodeURIComponent(article._id))= article.title
|
||||
- });
|
||||
|
||||
- if (session.user.is_admin = 'true')
|
||||
form(action="/users/" + encodeURIComponent(user.username), method="POST")
|
||||
input(name="_method", type="hidden", value="DELETE")
|
||||
input(type="submit", value="Delete")
|
||||
|
||||
a(href="/users/") Back to Userlist
|
||||
Reference in New Issue
Block a user