danielfsousa / express-rest-boilerplate

⌛️ Express starter for building RESTful APIs
MIT License
2.36k stars 623 forks

Auth middleware wrong check? #574

Open matamune94 opened 2 years ago

matamune94 commented 2 years ago

I found a piece of code that is difficult to understand:

  if (roles === LOGGED_USER) {
    if (user.role !== 'admin' && req.params.userId !== user._id.toString()) {
      apiError.status = httpStatus.FORBIDDEN
      apiError.message = 'Forbidden'
      return next(apiError)
    }
  }

How can this roles === LOGGED_USER be equal? roles is an Array type and LOGGED_USER is a String type.
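An added example, not code from the project or from the post above: an authorization middleware factory that assumes `roles` may be passed either as an array of role names or as the `LOGGED_USER` sentinel string, showing which branch each call shape reaches. The factory shape, the sentinel's value, the default role list and the `decide` helper are assumptions; only the owner-or-admin check is taken from the issue.

```javascript
// Added example. Everything except the quoted owner-or-admin check is hypothetical.
const LOGGED_USER = '_loggedUser'; // constructed sentinel value (assumption)
const FORBIDDEN = 403;

// Hypothetical factory: `roles` is either an array of role names
// or the LOGGED_USER sentinel string.
function authorize(roles = ['user', 'admin']) {
  return (req, res, next) => {
    const user = req.user; // assumed to be set by an earlier authentication step
    if (roles === LOGGED_USER) {
      // Strict equality is only true when the caller passed the string itself.
      // This is the owner-or-admin check quoted in the issue.
      if (user.role !== 'admin' && req.params.userId !== user._id.toString()) {
        return next({ status: FORBIDDEN, message: 'Forbidden' });
      }
    } else if (!Array.isArray(roles) || !roles.includes(user.role)) {
      // Role-list mode: membership only, no ownership check.
      return next({ status: FORBIDDEN, message: 'Forbidden' });
    }
    return next();
  };
}

// Runs a middleware against a constructed request and returns the outcome status.
function decide(mw, user, userId) {
  let status = 200;
  mw({ user, params: { userId } }, {}, (err) => { if (err) status = err.status; });
  return status;
}

// Constructed sample users.
const alice = { _id: 'a1', role: 'user' };
const root = { _id: 'r9', role: 'admin' };

function demo() {
  return {
    ownRecord: decide(authorize(LOGGED_USER), alice, 'a1'),
    otherRecord: decide(authorize(LOGGED_USER), alice, 'b2'),
    adminOther: decide(authorize(LOGGED_USER), root, 'b2'),
    // An array never === a string, so this skips the ownership branch
    // and falls through to role-list membership.
    arrayWrapped: decide(authorize([LOGGED_USER]), alice, 'a1'),
    roleListDenied: decide(authorize(['admin']), alice, 'a1'),
    // Role-list mode lets any listed role reach another user's id.
    roleListOther: decide(authorize(['user', 'admin']), alice, 'b2'),
  };
}
```

Under these assumptions the ownership check runs only when the sentinel string itself is passed; any array argument, including one containing the sentinel, is evaluated as a plain role list.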