express-admin

How to check user access in custom view?

Open ghost opened this issue 10 years ago • 2 comments

I have a GET request like "site.com/admin/fs/download?filename=blahblah.pdf", where fs is my custom view. How can I check in my custom view if the user has access to express admin? Because now everyone can execute this query without login.

ghost avatar Jun 11 '15 14:06 ghost

OK, I checked out the auth.js and

if (!req.session.user) next();

works for me

ghost avatar Jun 11 '15 14:06 ghost

Yes, and you can have multiple users registered to use the admin - check out this comment

Also if you are POSTing data to the server don't forget to add a CSRF token in your web forms, just check out how this is done in the editview template.

simov avatar Jun 11 '15 15:06 simov
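
The two checks discussed in this thread (an admin session before a custom view runs, and a CSRF token on POSTs), written as one fail-closed Express-style guard. This is an added example, not code from the thread or from express-admin: only `req.session.user` comes from the thread, while `req.session.csrfToken`, `req.body._csrf` and the helper names are assumptions, and how the guard is mounted in front of the custom view is left out.

```javascript
// Added example: names marked "assumed" are not taken from express-admin.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Compare two strings without returning early on the first mismatch.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Express-style middleware: the request only reaches the custom view
// when an admin session exists; every other path ends the response.
function requireAdmin(req, res, next) {
  const user = req.session && req.session.user;   // field used in the thread
  if (!user) {
    res.statusCode = 401;
    return res.end('Login required');
  }
  // State-changing requests must also carry the session's CSRF token.
  if (!SAFE_METHODS.has(req.method)) {
    const expected = req.session.csrfToken;        // assumed session field
    const supplied = req.body && req.body._csrf;   // assumed form field
    if (!expected || !constantTimeEqual(supplied, expected)) {
      res.statusCode = 403;
      return res.end('Invalid CSRF token');
    }
  }
  return next();
}

// Constructed request/response stand-ins so the guard runs without a server.
function simulate(req) {
  const res = { statusCode: 200, body: null, end(b) { this.body = b; } };
  let reachedHandler = false;
  requireAdmin(req, res, () => { reachedHandler = true; });
  return { status: res.statusCode, reachedHandler };
}

// An anonymous GET to the download view is stopped before the handler.
console.log(simulate({ method: 'GET', session: {} }));
```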