0
我正在制作一个博客应用程序;每个用户将能够发布他们的想法,只有发布的用户才能够删除或更新该帖子。猫鼬中的用户访问控制错误
exports.verifyOwn = function (req, res, next) {
if (User._id === req.decoded._doc.postedBy) {
next();
} else {
var err = new Error('You do not have administrative privileges!');
err.status = 401;
return next(err);
}
}
这是我的验证码。我怎样才能做到这一点通过自己的用户
var postSchema = new Schema({
title:{
type:String,
required:true
},
image:{
type:String,
required:true
},
meta:{
type:String,
required:true
},
story:{
type:String,
required:true
},
likes:{
type:Number,
min:0,
required:true
},
postedBy: {
type: mongoose.Schema.Types.ObjectId,
ref: 'User'
},
comments:[commentSchema]
},
{
timestamps: true
});
到delte后,这是我的用户模式
var User = new Schema({
username: String,
password: String,
OauthId: String,
OauthToken: String,
firstname: {
type: String,
default: ''
},
lastname: {
type: String,
default: ''
},
biodata: {
type: String,
default: ''
},
admin:{
type: Boolean,
default: false
}
});