I am trying to create a policy that allows only an Admin to view a page. I have shown the policy below, but it's not returning the right user.
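/**
 * Policy: let the request through only when the looked-up user is an admin.
 *
 * Looks the user up by `token.id` and calls `next()` when that user's
 * `permission` is "admin". Every other outcome (lookup error, no matching
 * user, non-admin user) ends the request here, so the policy fails closed.
 *
 * @param {object} req - incoming request (not read by this policy as written)
 * @param {object} res - response used to send the denial
 * @param {Function} next - continues to the protected action, or receives the lookup error
 */
module.exports = function (req, res, next) {
  // NOTE(review): `token` is not defined anywhere in this function. If it is a
  // module-level or global variable, it is shared by every request, which would
  // explain the wrong user being returned. The id must come from credentials
  // verified for *this* request (set by an earlier authentication step) and
  // never from a value the client can choose freely. TODO: confirm the source.
  User.findOne({ id: token.id }, function (err, user) {
    if (err) {
      // Throwing inside an async callback cannot be caught by the caller and
      // can take the process down; hand the error to the error handler instead.
      return next(err);
    }

    // The user record is deliberately not logged: it may hold credential fields.
    // A missing record is treated as "not an admin" rather than dereferenced.
    if (user && user.permission === "admin") {
      return next();
    }

    // 403 so clients, proxies and log-based alerting see a denial, not a 200.
    return res.status(403).send("You Must be an ADMIN to perform this task");
  });
};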