My application is supposed to have 3 user scopes (User, Admin, Super Admin). I am trying to do this manually without using any external ACL library.
Here are my admin and super admin scope functions.

    const adminScope = (req, res, next) => {
        if (req.user.scope !== 'admin') {
            return res.status(403).send({
                status: 'fail',
                message: 'You are not admin'
            })
        }
        next();
    }

    const superAdminScope = (req, res, next) => {
        if (req.user.scope !== 'superAdmin') {
            return res.status(403).send({
                status: 'fail',
                message: 'You are not Super Admin'
            })
        }
        next();
    }

I am trying to use these with my routes as below

    app.use('/admin', [passport.authenticate('jwt', { session: false }), adminScope], [adminPage])

The above works fine and checks if the scope of the user is admin or not.
I want all the routes in adminPages to be accessible by both Admins and Super Admins.
I tried by passing superAdminScope as third middleware.

    app.use('/admin', [passport.authenticate('jwt', { session: false }), adminScope, superAdminScope], [adminPage])

It fails after checking just adminScope function and says

    {
        status: "fail",
        message: "You are not admin"
    }

I also tried passing both of them as an array but still the same output.

    app.use('/admin', [passport.authenticate('jwt', { session: false }), [adminScope, superAdminScope]], [adminPage])

question from:
https://stackoverflow.com/questions/65641978/passing-multiple-scope-acl-middlewares-to-routes-are-only-testing-for-the-firs
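
Added example, not part of the original question: Express runs route middleware in order and each one must call `next()` before the following one runs, so chaining `adminScope` and `superAdminScope` is a logical AND that no single scope can satisfy. The sketch below reproduces that with a mock request/response and contrasts it with one allow-list middleware; `requireScope`, `runChain`, `deny` and the sample users are hypothetical names constructed for this example.

```javascript
// Added example. requireScope, runChain, deny and the mock req/res are
// hypothetical helpers; adminScope and superAdminScope mirror the question's checks.
const deny = (res, message) => res.status(403).send({ status: 'fail', message });
const adminScope = (req, res, next) =>
  req.user.scope !== 'admin' ? deny(res, 'You are not admin') : next();
const superAdminScope = (req, res, next) =>
  req.user.scope !== 'superAdmin' ? deny(res, 'You are not Super Admin') : next();

// One middleware, many allowed scopes: passes if the user's scope is in the list.
const requireScope = (...allowed) => {
  const allowedSet = new Set(allowed);
  return (req, res, next) => {
    const scope = req.user && req.user.scope; // fail closed when user is missing
    if (typeof scope !== 'string' || !allowedSet.has(scope)) {
      return deny(res, 'Insufficient scope');
    }
    next();
  };
};

// Runs middlewares in order: each must call next() before the following one
// runs, so a chain of scope checks is a logical AND.
function runChain(middlewares, user) {
  const result = { status: 200, body: null, reachedHandler: false };
  const res = {
    status(code) { result.status = code; return this; },
    send(body) { result.body = body; return this; },
  };
  const step = (i) => {
    if (i === middlewares.length) { result.reachedHandler = true; return; }
    middlewares[i]({ user }, res, () => step(i + 1));
  };
  step(0);
  return result;
}

// Constructed sample user.
const superAdmin = { scope: 'superAdmin' };
const chained = runChain([adminScope, superAdminScope], superAdmin);
const combined = runChain([requireScope('admin', 'superAdmin')], superAdmin);
console.log('chained:', chained.status, chained.body.message);
console.log('combined:', combined.status, combined.reachedHandler);
```

With the question's route, the combined check would be mounted as `app.use('/admin', passport.authenticate('jwt', { session: false }), requireScope('admin', 'superAdmin'), adminPage)`.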