Javascript RESTful为需要不同授权级别的数据创建修补程序端点的方法

我正在寻找一种RESTful方法来为我的后端应用程序创建补丁端点。假设我有以下用户数据：

    {
        id: "123"   
        name: "John"
        username: "john_2020",
        email: "john@gmail.com",
        password: "abc123",
        type: "staff",
        privilege: 1
    }

我想创建一个端点，允许前端对这些属性中的任何一个执行部分数据更新。目前我有以下内容（在Express.js中）：

这个很好用。但是，如果我希望某些属性（例如

privilege

）只能由具有管理员权限的用户更改，该怎么办？休息的方式是什么

目前，我有一个单独的端点来执行此操作：

    // Endpoint to update privilege. Wrapped with admin middleware on top of auth
    router.patch('/:id/privilege', [auth, admin], (req, res) => {
        const { id } = req.params
        const { privilege } = req.body; // Extract only privilege in case client send other data as well
        const result = await userController.patchUser(id, {privilege});
        res.send(result)
    })

    // Previous patch endpoint. 
    router.patch('/:id', auth, (req, res) => {
        const { id } = req.params
        const { privilege, ...data } = req.body; // Extract out privilege in case client send it
        const result = await userController.patchUser(id, data);
        res.send(result)
    })

    // Endpoint to update privilege. Wrapped with admin middleware on top of auth
    router.patch('/:id/privilege', [auth, admin], (req, res) => {
        const { id } = req.params
        const { privilege } = req.body; // Extract only privilege in case client send other data as well
        const result = await userController.patchUser(id, {privilege});
        res.send(result)
    })

    // Previous patch endpoint. 
    router.patch('/:id', auth, (req, res) => {
        const { id } = req.params
        const { privilege, ...data } = req.body; // Extract out privilege in case client send it
        const result = await userController.patchUser(id, data);
        res.send(result)
    })