我已经阅读了文档,但我似乎无法正确理解。
我正在尝试实现一个 restrictToOwner 和 restrictToRoles 以便具有管理员或超级管理员角色的用户可以访问此服务中的所有其他方法
const restrict = [
authenticate('jwt'),
restrictToOwner({
idField: '_id',
ownerField: '_id'
})
]
const restrictUser = [
authenticate('jwt'),
restrictToRoles({
roles: ['admin', 'super-admin'],
fieldName: 'roles'
})
]
before: {
all: [],
find: [ ...restrictUser ],
get: [ ...restrict, ...restrictUser],
create: [ hashPassword() ],
update: [ ...restrict, ...restrictUser, hashPassword() ],
patch: [ ...restrict, ...restrictUser, hashPassword() ],
remove: [ ...restrict, ...restrictUser ]
},