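So I have an application that has admins, who are able to edit all user forms. However, when I go to edit a user's form, it doesn't seem to use the ID of the user being edited, but instead uses the ID of the logged-in admin.
So when I edit a user's form, it is editing the admin's form rather than the user's form.
For example:
I have two users
Admin :: 5a735764cd571d23319a8c31 <- admin account
User 1 :: 5a73580acd571d23319a8c32
Let's say I go to edit the user's competition form
The URL here is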
http://localhost:3000/dashboard/users/forms/competition-form/5a73580acd571d23319a8c32
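When I make a change on the user's form, the URL correctly uses the user's ID. The admin form is the only thing that changes, not the admin user.
Here are some logs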
Mongoose: users.findOne({ _id: ObjectId("5a735764cd571d23319a8c31") }, { fields: {} })
Fri Feb 02 2018 16:46:11 GMT+0000 (GMT): GET /dashboard/users/forms/competition-form/edit/5a73580acd571d23319a8c32
Mongoose: competitionforms.findOne({ _id: ObjectId("5a73580acd571d23319a8c32") }, { fields: {} })
Fri Feb 02 2018 16:46:11 GMT+0000 (GMT): GET /favicon.ico
Mongoose: users.findOne({ _id: ObjectId("5a735764cd571d23319a8c31") }, { fields: {} })
Fri Feb 02 2018 16:46:20 GMT+0000 (GMT): POST /dashboard/users/forms/competition-form/5a735764cd571d23319a8c31
Mongoose: competitionforms.findAndModify({ _id: ObjectId("5a735764cd571d23319a8c31") }, [], { '$setOnInsert': { __v: 0 }, '$set': { schoolName: 'Haybridge', competitionDate: '02/14/2018', competitionTime: '10:30 AM', competitionVenue: 'Haybridge High', competitionTotalOfStudents: 10, competitionTotalParticipated: 7, competitionTotalPersonnel: 7, competitionJudge1Name: 'Ben Bagley', competitionJudge1Telephone: '7476440096', competitionJudge1Email: 'ben@benbagley.co.uk', competitionJudge2Name: 'Moss Moss', competitionJudge2Telephone: '7476440096', competitionJudge2Email: 'ben@benbagley.co.uk', competitionJudge3Name: 'Jen Barber', competitionJudge3Telephone: '7476440096', competitionJudge3Email: 'ben@benbagley.co.uk' } }, { upsert: true, new: false, remove: false, fields: {} })
{ schoolName: 'Haybridge',
competitionDate: '02/14/2018',
competitionTime: '10:30 AM',
competitionVenue: 'Haybridge High',
competitionTotalOfStudents: '10',
competitionTotalParticipated: '7',
competitionTotalPersonnel: '7',
competitionJudge1Name: 'Ben Bagley',
competitionJudge1Telephone: '7476440096',
competitionJudge1Email: 'ben@benbagley.co.uk',
competitionJudge2Name: 'Moss Moss',
competitionJudge2Telephone: '7476440096',
competitionJudge2Email: 'ben@benbagley.co.uk',
competitionJudge3Name: 'Jen Barber',
competitionJudge3Telephone: '7476440096',
competitionJudge3Email: 'ben@benbagley.co.uk' }
Mongoose: users.findOne({ _id: ObjectId("5a735764cd571d23319a8c31") }, { fields: {} })
Fri Feb 02 2018 16:46:20 GMT+0000 (GMT): GET /dashboard
See how the database is fetching the Admin user instead of the user.
routes.js
// Competition Form
// competition form details
router.get('/dashboard/users/forms/competition-form/:id', ensureAuthenticated, (req, res) => {
  CompetitionForm.findById(req.params.id, function(err, competition){
    res.render('dashboard/users/forms/competition-form.hbs', {
      pageTitle: 'Competition Form',
      competitions: competition
    });
  });
});
// competition form details post
router.post('/dashboard/users/forms/competition-form/:id', (req, res) => {
  CompetitionForm.findOneAndUpdate({ _id: req.params.id }, req.body, {upsert:true}, (err, competition) => {
    if (err) {
      console.log(`Error saving data: ${err}`);
      return res.send('Error saving data');
    }
    res.redirect('/dashboard');
    console.log(req.body);
  });
});
competition-form.hbs
{{> header}}
<div class="container">
{{#if user.admin}}
<form action="/dashboard/users/forms/competition-form/{{user.id}}" method="post">
<h2>Edit School Competition Form</h2>
<p>
<b>All fields with <span style="color: red">*</span> are required</b>
</p>
<div class="panel panel-default">
<div class="panel-heading">
General Information
</div>
<div class="panel-body">
<div class="row">
<div class="form-group col-md-12">
<label for="schoolName">
School Name <span style="color: red">*</span>
</label>
<input type="text" class="form-control" name="schoolName" placeholder="Enter school name" value="{{competitions.schoolName}}" required>
</div>
<div class="form-group col-md-6 date" data-provide="datepicker">
<label for="competitionDate">
Competition Date <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionDate" name="competitionDate" placeholder="Enter the date of competition" value="{{competitions.competitionDate}}" required>
</div>
<div class="form-group col-md-6">
<label for="competitionTime">
Time <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionTime" name="competitionTime" placeholder="Enter the time of the competition (e.g. 8:00 AM)" value="{{competitions.competitionTime}}" required>
</div>
<div class="form-group col-md-12">
<label for="competitionVenue">
Venue <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionVenue" name="competitionVenue" placeholder="Enter where the competition was held" value="{{competitions.competitionVenue}}" required>
</div>
<div class="form-group col-md-6">
<label for="competitionTotalOfStudents">
Total number of students in the program <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionTotalOfStudents" name="competitionTotalOfStudents" placeholder="Enter the total number" value="{{competitions.competitionTotalOfStudents}}" required>
</div>
<div class="form-group col-md-6">
<label for="competitionTotalParticipated">
Total number of students that participated <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionTotalParticipated" name="competitionTotalParticipated" placeholder="Enter the total number" value="{{competitions.competitionTotalParticipated}}" required>
</div>
<div class="form-group col-md-6">
<label for="competitionTotalPersonnel">
Total number of school personnel involved in the program <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionTotalPersonnel" name="competitionTotalPersonnel" placeholder="Enter the total number" value="{{competitions.competitionTotalPersonnel}}" required>
</div>
</div><!-- row ends -->
</div><!-- End of panel body -->
</div><!-- School Information panel ends -->
<!-- Judge 1 Info -->
<div class="panel panel-default">
<div class="panel-heading">
Judge 1
</div>
<div class="panel-body">
<div class="row">
<div class="form-group col-md-12">
<label for="competitionJudge1Name">
Judge's Name <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionJudge1Name" name="competitionJudge1Name" placeholder="Enter the Judge's Name" value="{{competitions.competitionJudge1Name}}" required>
</div>
<div class="form-group col-md-6">
<label for="competitionJudge1Telephone">
Telephone <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionJudge1Telephone" name="competitionJudge1Telephone" placeholder="Enter the Judge's Telephone Number" value="{{competitions.competitionJudge1Telephone}}" required>
</div>
<div class="form-group col-md-6">
<label for="competitionJudge1Email">
Email address <span style="color: red">*</span>
</label>
<input type="email" class="form-control" id="competitionJudge1Email" name="competitionJudge1Email" placeholder="judge@example.com" value="{{competitions.competitionJudge1Email}}" required>
</div>
</div>
</div><!-- end of row -->
</div>
<!-- Judge 2 Info -->
<div class="panel panel-default">
<div class="panel-heading">
Judge 2
</div>
<div class="panel-body">
<div class="row">
<div class="form-group col-md-12">
<label for="competitionJudge2Name">
Judge's Name <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionJudge2Name" name="competitionJudge2Name" placeholder="Enter the Judge's Name" value="{{competitions.competitionJudge2Name}}" required>
</div>
<div class="form-group col-md-6">
<label for="competitionJudge2Telephone">
Telephone <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionJudge2Telephone" name="competitionJudge2Telephone" placeholder="Enter the Judge's Telephone Number" value="{{competitions.competitionJudge2Telephone}}" required>
</div>
<div class="form-group col-md-6">
<label for="competitionJudge2Email">
Email address <span style="color: red">*</span>
</label>
<input type="email" class="form-control" id="competitionJudge2Email" name="competitionJudge2Email" placeholder="judge@example.com" value="{{competitions.competitionJudge2Email}}" required>
</div>
</div>
</div><!-- end of row -->
</div>
<!-- Judge 3 Info -->
<div class="panel panel-default">
<div class="panel-heading">
Judge 3
</div>
<div class="panel-body">
<div class="row">
<div class="form-group col-md-12">
<label for="competitionJudge3Name">
Judge's Name <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionJudge3Name" name="competitionJudge3Name" placeholder="Enter the Judge's Name" value="{{competitions.competitionJudge3Name}}" required>
</div>
<div class="form-group col-md-6">
<label for="competitionJudge3Telephone">
Telephone <span style="color: red">*</span>
</label>
<input type="text" class="form-control" id="competitionJudge3Telephone" name="competitionJudge3Telephone" placeholder="Enter the Judge's Telephone Number" value="{{competitions.competitionJudge3Telephone}}" required>
</div>
<div class="form-group col-md-6">
<label for="competitionJudge3Email">
Email address <span style="color: red">*</span>
</label>
<input type="email" class="form-control" id="competitionJudge3Email" name="competitionJudge3Email" placeholder="judge@example.com" value="{{competitions.competitionJudge3Email}}" required>
</div>
</div>
</div><!-- end of row -->
</div>
<!-- The following fields are hidden to users and should ONLY be visible and editable by a site admin-level user. -->
<div class="panel panel-danger">
<div class="panel-heading">
Administrators Only
</div>
<div class="panel-body">
<p>Sent Required Photos? (currently {{competitions.competitionRequiredPhotos}})</p>
<div class="form-check">
<input class="form-check-input" type="radio" name="competitionRequiredPhotos" id="yesPhotosRadio" value="yes">
<label class="form-check-label" for="yesPhotosRadio">Yes</label>
</div>
<div class="form-check">
<input class="form-check-input" type="radio" name="competitionRequiredPhotos" id="noPhotosRadio" value="no">
<label class="form-check-label" for="noPhotosRadio">No</label>
</div>
<p>Sent Required Certifications? (currently {{competitions.competitionRequiredCertifications}})</p>
<div class="form-check">
<input class="form-check-input" type="radio" name="competitionRequiredCertifications" id="yesCertsRadio" value="yes">
<label class="form-check-label" for="yesCertsRadio">Yes</label>
</div>
<div class="form-check">
<input class="form-check-input" type="radio" name="competitionRequiredCertifications" id="noCertsRadio" value="no">
<label class="form-check-label" for="noCertsRadio">No</label>
</div>
</div>
</div>
<!-- End of fields hidden to user -->
<button type="submit" class="btn btn-primary">Submit</button>
</form>
{{else}}
<div class="text-center">
<h3>This is not the page you are looking for.</h3>
<p>Only admins have access to this page.</p>
</div>
{{/if}}
</div>
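{{> footer}}
I want admins to be able to update user forms and information without any problems, so getting the correct ID is essential.
I've been racking my brain over this for the past few days.
Help.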
Mongoose: users.findOne({ _id: ObjectId("5a735764cd571d23319a8c31") }, { fields: {} }) **<--- logged in, admin id. This is correct**
Mon Feb 05 2018 13:36:33 GMT+0000 (GMT): GET /dashboard/users/5a73580acd571d23319a8c32/progress
Mongoose: users.findOne({ _id: ObjectId("5a73580acd571d23319a8c32") }, { fields: {} }) **<--- This is clicking on the `user` account, this is correct**
Mon Feb 05 2018 13:36:33 GMT+0000 (GMT): GET /favicon.ico
Mongoose: users.findOne({ _id: ObjectId("5a735764cd571d23319a8c31") }, { fields: {} }) **<--- this is the form being loaded, this is loading the admin and not the user, this is incorrect**
Mon Feb 05 2018 13:36:38 GMT+0000 (GMT): GET /dashboard/users/forms/competition-form/5a73580acd571d23319a8c32
Mongoose: competitionforms.findOne({ _id: ObjectId("5a73580acd571d23319a8c32") }, { fields: {} }) **<--- it now switches to the user id, but when in POST the admin id gets passed and not the user**
Mon Feb 05 2018 13:36:38 GMT+0000 (GMT): GET /favicon.ico
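You can see from the logs that the admin ID is being passed instead of the user's, yet the ID is switching.
Answer 0 (score: 0)
Your problem is probably right here: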
<form action="/dashboard/users/forms/competition-form/{{user.id}}" method="post">
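You are using Handlebars. I bet your {{user.id}} isn't actually the user form you are editing, but rather the ID of the currently logged-in user. This is usually set up by authentication via JWT and whatnot. Either way, user.id is posting the admin ID, and that just gets posted into the call to Mongo.
Edit: Looking at it, all you are doing is rendering the form based on whether the logged-in user is an admin. From this line: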
{{#if user.admin}}
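It then builds an HTML form, and what you are sending is the ADMIN user.id, not the other user's ID. You need to add some code to specify "which user" you are editing, and pass that ID into the POST URL.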
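A sketch of the fix the answer describes, as an added example that is not code from the original post: the form action is built from the record being edited, and the POST logic checks the admin flag on the server, updates only the ID in the URL, and does not upsert. The in-memory `forms` map, the `EDITABLE` whitelist and the `editContext`/`updateForm` helpers are hypothetical stand-ins for the Mongoose model and Express handlers.

```javascript
// Constructed stand-in for the competitionforms collection, keyed by the
// two IDs that appear in the question.
const forms = new Map([
  ['5a735764cd571d23319a8c31', { schoolName: 'Admin School' }],
  ['5a73580acd571d23319a8c32', { schoolName: 'User School' }],
]);

// Hypothetical whitelist: only these body fields are ever written, so extra
// keys in the request body cannot reach the stored document.
const EDITABLE = ['schoolName', 'competitionDate', 'competitionRequiredPhotos'];

// GET side: build the template context from the record being edited.
// The template then uses <form action="{{formAction}}" method="post">
// instead of {{user.id}}, which is the logged-in user.
function editContext(req) {
  const competition = forms.get(req.params.id);
  if (!competition) return null;
  return {
    competitions: competition,
    formAction: `/dashboard/users/forms/competition-form/${req.params.id}`,
  };
}

// POST side: the {{#if user.admin}} check in the template only hides the
// form, so the admin check is repeated here where it is actually enforced.
function updateForm(req) {
  if (!req.user || !req.user.admin) return { status: 403 };
  const existing = forms.get(req.params.id);
  // No upsert: an unknown ID is an error, not a reason to create a record.
  if (!existing) return { status: 404 };
  for (const field of EDITABLE) {
    if (field in req.body) existing[field] = String(req.body[field]);
  }
  return { status: 302, location: '/dashboard' };
}
```

In the Express routes from the question, the same checks would sit in the POST handler next to `ensureAuthenticated`, which the posted POST route does not use.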