For the authorization flow, in the middleware, I want to match any value in the .eq statement. Ordinary users can only see posts created by themselves. Administrators can see all posts.
const userMatcher = user.role === "admin" ? "*" : user.id; const { data: post } = await supabase .from("posts") .select("*") .eq("id", id) .eq("userId", userMatcher) .single(); Matching "*" has no effect here. If possible, I'd like to keep this code clean and not duplicate the query (minus the user matcher) for the admin case.
If possible, what is the cleanest way?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Michael Coxon's answer is perfect.Alternatively, you can achieve similar results through a combination of multiple
logical operators.Try this:
const userMatcher = user.role === "admin" ? true : { userId: user.id }; const { data: post } = await supabase .from("posts") .select("*") .or(`userId.eq.${userMatcher}`, "id.eq." + id) .single();For admin users:user.role === "admin", so the conditionuserId.eq.truealways evaluates to true, allowing admin users to view all posts.
For other users:ConditionsuserId.eq.{userId: user.id}Limits the selection to only posts whose userId matches the current user's ID.
id.eq.${id}Ensure that the post with the specified id is retrieved.
Just split the query. You don't need to do everything in one line.
let query = supabase .from("posts") .select("*") .eq("id", id); if(user.role === "admin"){ query = query.eq("userId", user.id) } const { data: post } = await query.single();