/**
 * 管理员判断
 * @author: leo <qi.li@yoho.cn>
 * @date: 2017/7/6
 */
'use strict';

const _ = require('lodash');

module.exports = (req, res, next) => {
    const path = req.path;
    const isAdmin = _.get(req.session, 'user.isAdmin');

    // 无需验证的路径
    const excludedPath = [
        '/login',
        '/api/login'
    ];

    if (excludedPath.indexOf(path) > -1) {
        return next();
    }

    if (!isAdmin) {
        if (req.xhr) {
            return res.json({
                code: 401,
                message: '抱歉，您没有管理员权限'
            });
        }

        return res.render('error/403', {
            layout: false
        });
    }

    next();
};