tenodi / permission

Npm package for handling user permissions for routes based on roles.
https://www.npmjs.com/package/permission
MIT License
72 stars 22 forks

Redirects #8

Open mylastore opened 6 years ago

mylastore commented 6 years ago

How can I handle redirect at the control level? Example: if you go to url/admin, take them back to the sign-in page if not an admin.

JREastonMarks commented 6 years ago

Are you asking if the user is not authenticated (Not Logged In), not authorized (Does not have role), or is not that user (Logged in as a different user)?

mylastore commented 6 years ago

@JREastonMarks actually both

JREastonMarks commented 6 years ago

Sorry about the extreme delay in getting back to you.

Here is a copy of the code that I use. If a user's authorizedStatus is not authorized then I render a login page; otherwise I just allow the req to happen as usual.

I use express and I typically have two different pages. One for a user that is logged in, and one that requires them to log in.

app.set('permission', {
  after: function(req, res, next, authorizedStatus) {
    if (authorizedStatus !== 'authorized') {
      res.render('pages/login', {});
    } else {
      next();
    }
  }
});

FULL DISCLOSURE: This may not be best practice and I welcome any response that has a better way of solving this.

mylastore commented 6 years ago

That worked, but I use redirect instead of render: res.redirect('/login' || {});
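
An added example, not part of the thread and not the package's own code: an `after` handler that treats the two cases asked about separately, sending a user who is not logged in to `/login` and answering a logged-in user without the role with 403, while anything unrecognized fails closed. The status strings other than `'authorized'`, the `pages/forbidden` view and the `returnTo` parameter are assumptions; the response object is a minimal stand-in for Express so the block runs on its own.

```javascript
// Status values: 'authorized' appears in the thread; the other two are assumed names.
const STATUS = {
  AUTHORIZED: 'authorized',
  NOT_AUTHENTICATED: 'notAuthenticated', // assumption
  NOT_AUTHORIZED: 'notAuthorized',       // assumption
};

// Accept only same-site relative paths as a return target, so the
// login redirect cannot be turned into an open redirect.
function safeReturnPath(originalUrl) {
  if (typeof originalUrl !== 'string') return '/';
  const bad = !originalUrl.startsWith('/') || originalUrl.startsWith('//') ||
              originalUrl.includes('\\');
  return bad ? '/' : originalUrl;
}

// Would be registered with app.set('permission', { after }) as in the thread.
function after(req, res, next, authorizedStatus) {
  if (authorizedStatus === STATUS.AUTHORIZED) return next();
  if (authorizedStatus === STATUS.NOT_AUTHORIZED) {
    // Logged in but lacks the role: answer 403 instead of bouncing to /login.
    return res.status(403).render('pages/forbidden', {}); // hypothetical view
  }
  // Not logged in, or any status we do not recognize: fail closed.
  const returnTo = encodeURIComponent(safeReturnPath(req.originalUrl));
  return res.redirect('/login?returnTo=' + returnTo); // returnTo is hypothetical
}

// Minimal stand-in for an Express response (constructed for this example).
function mockRes() {
  const r = { statusCode: 200, location: null, view: null };
  r.status = (code) => { r.statusCode = code; return r; };
  r.render = (view) => { r.view = view; return r; };
  r.redirect = (url) => { r.statusCode = 302; r.location = url; return r; };
  return r;
}

// Drive the handler with a constructed request and report what happened.
function run(status, url) {
  const res = mockRes();
  let passed = false;
  after({ originalUrl: url }, res, () => { passed = true; }, status);
  return { passed, statusCode: res.statusCode, location: res.location, view: res.view };
}
```

Rendering the login view directly, as in the earlier comment, returns it with status 200 at the protected URL; a redirect or an explicit 403 keeps the response code consistent with the access decision.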