Now we are going to restrict certain routes to users with the Author role, just as we did previously for users with the Admin role.
Server
// middlewares
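/**
 * Express middleware that lets the request continue only when the signed-in
 * user currently has the "Author" role.
 *
 * Expects `req.user._id` to have been set from the verified JWT by an earlier
 * middleware (`requireSignin` in the routes of this file). The role is read
 * from the database on every request instead of being taken from the token,
 * so a role change or a deleted account takes effect immediately.
 *
 * Every path ends in exactly one of: `next()`, a 403 response, or a 500
 * response. The request is never left without an answer.
 *
 * @param {object} req - Express request; `req.user._id` identifies the caller.
 * @param {object} res - Express response.
 * @param {Function} next - Invoked only when the caller is an Author.
 * @returns {Promise<*>} Resolves once the request has been passed on or answered.
 */
export const isAuthor = async (req, res, next) => {
  try {
    const user = await User.findById(req.user._id);
    // A still-valid token can outlive its account: findById then yields null,
    // which must be rejected rather than dereferenced.
    if (!user || user.role !== "Author") {
      // 403 Forbidden: the caller is authenticated but lacks the Author role.
      return res.status(403).send("Unauthorized");
    }
    return next();
  } catch (err) {
    console.log(err);
    // Fail closed with a generic message; without a response here the client
    // would wait until its own timeout, and error details stay in the log.
    return res.status(500).send("Authorization check failed");
  }
};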
// routes
// Rename the earlier currentAdmin controller to currentUser so that the same
// handler can serve every role-specific "current user" endpoint.
// Middleware order matters: requireSignin runs first, and the role guard that
// follows it reads req.user (isAuthor looks up req.user._id).
for (const [path, roleGuard] of [
  ["/current-admin", isAdmin],
  ["/current-author", isAuthor],
]) {
  router.get(path, requireSignin, roleGuard, currentUser);
}