Javascript RESTful为需要不同授权级别的数据创建修补程序端点的方法
我正在寻找一种RESTful方法来为我的后端应用程序创建补丁端点。假设我有以下用户数据:Javascript RESTful为需要不同授权级别的数据创建修补程序端点的方法,javascript,rest,express,Javascript,Rest,Express,我正在寻找一种RESTful方法来为我的后端应用程序创建补丁端点。假设我有以下用户数据: { id: "123" name: "John" username: "john_2020", email: "john@gmail.com", password: "abc123", type: &
{
id: "123"
name: "John"
username: "john_2020",
email: "john@gmail.com",
password: "abc123",
type: "staff",
privilege: 1
}
我想创建一个端点,允许前端对这些属性中的任何一个执行部分数据更新。目前我有以下内容(在Express.js中):
这个很好用。但是,如果我希望某些属性(例如privilege
)只能由具有管理员权限的用户更改,该怎么办?休息的方式是什么
目前,我有一个单独的端点来执行此操作:
// Endpoint to update privilege. Wrapped with admin middleware on top of auth
router.patch('/:id/privilege', [auth, admin], (req, res) => {
const { id } = req.params
const { privilege } = req.body; // Extract only privilege in case client send other data as well
const result = await userController.patchUser(id, {privilege});
res.send(result)
})
// Previous patch endpoint.
router.patch('/:id', auth, (req, res) => {
const { id } = req.params
const { privilege, ...data } = req.body; // Extract out privilege in case client send it
const result = await userController.patchUser(id, data);
res.send(result)
})
// Endpoint to update privilege. Wrapped with admin middleware on top of auth
router.patch('/:id/privilege', [auth, admin], (req, res) => {
const { id } = req.params
const { privilege } = req.body; // Extract only privilege in case client send other data as well
const result = await userController.patchUser(id, {privilege});
res.send(result)
})
// Previous patch endpoint.
router.patch('/:id', auth, (req, res) => {
const { id } = req.params
const { privilege, ...data } = req.body; // Extract out privilege in case client send it
const result = await userController.patchUser(id, data);
res.send(result)
})