子文件中的护照匹配用户名和密码(如果“父母"是文档没有任何匹配的用户名和密码 [英] passport match username and password in a sub document if the "parent" document doesn't have any matching username and passwords

问题描述

我当时正在考虑建立一个类似以下的组织.会有一个登录页面，管理员可以访问，工作人员可以访问.管理员可以做到这一点，以便工作人员可以看到某些数据(管理员可以创建工作人员).现在的主要问题是与护照挂钩.我认为用户文档看起来像这样

I was thinking of setting up an like the following. There will be a login page that an admin can access and a worker can access. the admin can make it so that the workers could see certain data(the admin can create workers). The main problem right now is hooking this up with passport. I think the user document look something like this

{username: "user1", password : "pass1", role : "admin",
  workers :[
    {username : "worker1", password : "workerpass1"},
    {username : "worker2", password : "workerpass2"}]
}

Passport会执行以下操作来检查用户名和密码

Passport does something like the following to check for username and password

passport.use(new LocalStrategy(
  function(username, password, done) {
    User.findOne({ username: username }, function(err, user) {
   ........................

我想知道如何访问工作人员级别，因为我认为上面的护照代码将在用户名字段的顶部显示.

I'm wondering how I can get access to the worker level because I think that the passport code above will look at the top username field.

我想我想做这样的事情:如果在登录尝试中如果用户名密码不在顶层，请转到worker数组并测试以查看用户名和密码是否匹配

I think I want to do something like this: if on login attempt if username an password is not in the top level go to the workers array and test to see if the username and password matches there

也许User.findOne找不到用户这样做User.worker.findOne()我该怎么做?

maybe if User.findOne doesn't find the user do User.worker.findOne() how would I do that?

推荐答案

如果您要寻找与之匹配的任何组合，则基本上需要 $or 查询条件，并带有 $elemMatch 从特定的workers条目中获取username和password组合:

If you are looking for any of the combinations to match the you basically want an $or query condition, with an $elemMatch to get the username and password combination from the specific workers entry:

passport.use(new LocalStrategy(
    function(username,password,done) {
        User.findOne({
            "$or": [
                { "username": username, "password": password },
                {
                    "workers": { "$elemMatch": {
                        "username": username, "password": password
                    }}
                }
            ]
        },function(err,user) {
           // remaining code
        });
    }
))

因此，这意味着$or数组中列出的条件中的任一"都可以匹配文档，并且$elemMatch用于确保用户名"和密码"都需要在数组上匹配元素，如果主"userame"和"password"在数组之外不匹配.

So that means "either" of the conditions listed within the array of $or can match a document, and the $elemMatch is used to make sure that both "username" and "password" need to match on the array element, if the main "userame" and "password" was not a match outside of the array.

因此，它的或/或"以及对数组的检查发生在查询方法的内部"，而不是直接作为模型对象的属性.

So its "either/or", and the inspection of the array happens "inside" the query method, and not as a property directly off the model object.

在此还请注意，由于用户名"和密码"可能在数组对象中也还"，因此此处的查询逻辑将覆盖其他内置的验证方法.因此，查询"需要验证匹配，并且返回对象时即返回有效"结果.

Also noting here that since "username" and "password" are possibly "also" within an array object, then other built in validation methods need to be overriden by the query logic here. So the "query" needs to validate the match, and when an object is returned that is when you return a "valid" result.

这就是定制的成本.否则，只需拥有单独的用户帐户，所有用户帐户都具有要应用的相同角色.

That's the cost of customisation. Otherwise, just have separate user accounts, all with the same role you want to apply.

这篇关于子文件中的护照匹配用户名和密码(如果“父母"是文档没有任何匹配的用户名和密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！