在我的博客网站中,特定文章页面底部有两个选项(编辑和删除),只有作者才能看到。代码:
app.use(function(req,res,next) {
fullUrl = req.protocol + '://' + req.get('host') + req.originalUrl;
res.locals.currentUser = req.user; //stores the current logged in user
res.locals.fullUrl = fullUrl;
next();
})
//EDIT BLOG - FORM
app.get("/blog/:id/:title/edit", function(req,res) {
//check if user is logged in
if(req.isAuthenticated()) {
Blog.findById(req.params.id, function(err, foundBlog) { //finds the specific article
if(err) {
res.redirect("/blog");
} else {
console.log(foundBlog.author); //both have same output
console.log(req.user.username); //both have same output
//check if the current logged in user is the author
if( foundBlog.author == req.user.username ) {
res.render("editBlog", {blog : foundBlog}); //renders edit form
} else {
res.send( "YOU DO NOT HAVE PERMISSION TO DO THAT!");
}
}
})
} else {
res.send("YOU NEED TO BE LOGGED IN TO DO THAT!");
}
})
在showBlog.ejs中,
<div id="main-blog-content"><%- blog.body %></div> // content of article
<% if( currentUser && currentUser.username == blog.author ) { %> //this condition never fulfills and the edit and delete buttons never show up
<a class="ui secondary basic button" href="/blog/<%= blog._id %>/<%= blog.title %>/edit">Edit</a>
<form action="/blog/<%= blog._id %>/<%= blog.title %>?_method=DELETE" method="POST">
<button class="ui secondary basic button">Delete</button>
</form>
问题是:currentUser && currentUser.username == blog.author!
由于某种原因,这种情况永远不会实现。
我在这里错过了什么吗?