Dear Lama,

I admire your work and it's really awsm. Thank you for your efforts. However I would like you to validate one exception from the tokens code. When i tried the same code , i am not able to resolve it .

In the verifyAdmin utility you are passing the next parameter to verifyToken method which verifies the token. If we try to access any restricted route it is showing proper error if token is missing or invalid. But when it comes to admin restricted routes it's not validating the admin conditions. The callback function for admin validation is not executing at all if you pass the next parameter. And any user can edit the things which admin only suppose to edit.

If you do not pass next then admin functionality works fine but token verification won't as expected without next.

Please have a look at this, I may be wrong at some point , if so, sorry for inconvenience. If no, thank you for time and solution.

Hey, I also experienced the same error. Just exactly as you mentioned it. The admin role isn't being verified if we follow the code in the tutorial and on GitHub. I noticed that both the general and admin user can make changes to the protected route(hotel controller). Also, the callback function in the "verifyAdmin" doesn't seem to run if we pass the next parameter.

Please have a look at this. Thank you

This code will solve your problem.
const verifyToken = (req, res, next) => {
//your code here
next();
}
const verifyUser= (req, res, next) => {
//your code here
next();
}
router.post("/user/:id", verifyToken, verifyUser, (req, res) => {
//your code here
});