Diffstat (limited to 'middleware/index.js')
-rw-r--r-- | middleware/index.js | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/middleware/index.js b/middleware/index.js
new file mode 100644
index 0000000..26751d1
--- /dev/null
+++ b/middleware/index.js
@@ -0,0 +1,57 @@
+const Post = require('../models/blogPost'),
+ Cmmnt = require('../models/cmmnt'),
+ User = require('../models/user');
+
+const middlewareObj = {};
+
+middlewareObj.checkPostOwnership = (req, res, next) => {
+ if(req.isAuthenticated()) {
+ Post.findById(req.params.pid, (err, foundPost) => {
+ if(err) {
+ console.log(err);
+ } else {
+ if(!foundPost) {
+ return res.redirect('back');
+ }
+ if(foundPost.author.id.equals(req.user._id)) {
+ next();
+ } else {
+ res.redirect('back');
+ }
+ }
+ });
+ } else {
+ res.redirect('/');
+ }
+}
+
+middlewareObj.checkCmmntOwnership = (req, res, next) => {
+ if(req.isAuthenticated()) {
+ Cmmnt.findById(req.params.cid, (err, foundCmmnt) => {
+ if(err) {
+ req.flash('error', 'not found...');
+ res.redirect('back');
+ } else {
+ if(foundCmmnt.author.id.equals(req.user._id)) {
+ next();
+ } else {
+ req.flash('error', 'Permission denied!');
+ res.redirect('back');
+ }
+ }
+ });
+ } else {
+ req.flash('error', 'You need to be logged in to do that!');
+ res.redirect('back');
+ }
+}
+
+middlewareObj.isLoggedIn = (req, res, next) => {
+ if (req.isAuthenticated()) {
+ return next();
+ }
+ //req.flash("error", "You need to be logged in to do that!"); // Must come before redirecting
+ //res.redirect("/login");
+};
+
+module.exports = middlewareObj; |
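Review bot: Three paths in these authorization middlewares either throw or never finish the request instead of denying it cleanly. In `checkCmmntOwnership`, `foundCmmnt.author` is dereferenced without the `!foundPost`-style null check that `checkPostOwnership` has, so a lookup that yields no document throws inside the callback; the error branch should read `if(err || !foundCmmnt) {`. In `checkPostOwnership` the `if(err)` branch only logs, and in `isLoggedIn` the unauthenticated branch has its redirect commented out, so in both cases no response is sent and the request hangs until it times out; add `return res.redirect('back');` after `console.log(err);` and restore `res.redirect("/login");`. `User` is required at the top but not used anywhere in this file.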