Enabled editing facilities, users get a role

aduda091 · aduda091 · commit 8e36e47a4712 · 2017-12-19T14:26:40.000+01:00
Only admins can add and edit facilities, fixed facility phone/telephone bug, added Traversy credits
diff --git a/README.md b/README.md
@@ -33,11 +33,19 @@ GET /facilities         // Returns facilities array
 ```
 
 ```bash
-POST /facilities         // Creates a facility
+GET /facilities/:id         // Returns a facility by ID
+```
+
+```bash
+POST /facilities         // Creates a facility (requires authorization)
+```
+
+```bash
+PUT /facilities/:id         // Edits a facility by ID (requires authorization)
 ```
 
 ## JSON Format (Schema)
 ### User
-{firstName, lastName, mail, password}
+{firstName, lastName, mail, password, role(defaults to 'user')}
 ### Facility
 {name, address, mail, telephone}
diff --git a/app.js b/app.js
@@ -5,6 +5,8 @@ const passport = require('passport');
 const mongoose = require('mongoose');
 const config = require('./config/database');
 
+/*   skeleton project taken from Brad Traversy https://github.com/bradtraversy/nodeauthapp  */
+
 // Connect To Database
 mongoose.Promise = global.Promise;
 mongoose.connect(config.database, { useMongoClient: true });
diff --git a/models/user.js b/models/user.js
@@ -20,6 +20,10 @@ const UserSchema = mongoose.Schema({
   password: {
     type: String,
     required: true
+  },
+  role: {
+      type: String,
+      default: "user"
   }
 });
 
@@ -30,7 +34,7 @@ module.exports.getUserById = function(id, callback){
 };
 
 module.exports.getUserByMail = function(mail, callback){
-  const query = {mail: mail}
+  const query = {mail: mail};
   User.findOne(query, callback);
 };
 
diff --git a/routes/facilities.js b/routes/facilities.js
@@ -5,27 +5,56 @@ const config = require('../config/database');
 const Facility = require('../models/facility');
 
 // Add New Facility
-router.post('/', (req, res, next) => {
-  let newFacility = new Facility({
-      name: req.body.name,
-      address: req.body.address,
-      mail: req.body.mail,
-      telephone: req.body.phone
-  });
+router.post('/', passport.authenticate('jwt', {session: false}), (req, res, next) => {
+    let role = req.user.role;
+    console.log(role);console.log(req.user.role);
+    //protect route, limit to admins only
+    if (role !== "admin") res.status(403).json({success: false, msg: 'Unauthorized'});
+    let newFacility = new Facility({
+        name: req.body.name,
+        address: req.body.address,
+        mail: req.body.mail,
+        telephone: req.body.telephone
+    });
 
-  Facility.addFacility(newFacility, (err, facility) => {
-    if (err) {
-      res.json({ success: false, msg: 'Failed to create facility' });
-    } else {
-      res.json({ success: true, msg: 'Facility created' });
-    }
-  });
+    Facility.addFacility(newFacility, (err, facility) => {
+        if (err) {
+            res.json({success: false, msg: 'Failed to create facility'});
+        } else {
+            res.json({success: true, msg: 'Facility created'});
+        }
+    });
 });
 
 // Read all facilities
 router.get('/', (req, res, next) => {
     Facility.find().then(facilities => {
         res.send(facilities);
+    }).catch(err => {
+        res.status(404).send(err);
+    })
+});
+
+// Read a single facility by ID
+router.get('/:id', (req, res, next) => {
+    Facility.findById(req.params.id).then(facility => {
+        res.send(facility);
+    }).catch(err => {
+        res.status(404).send(err);
+    })
+});
+
+// Edit a single facility by ID
+router.put('/:id', passport.authenticate('jwt', {session: false}), (req, res, next) => {
+    let role = req.user.role;
+    //protect route, limit to admins only
+    if (role !== "admin") res.status(403).json({success: false, msg: 'Unauthorized'});
+
+    Facility.findOneAndUpdate({_id: req.params.id}, req.body, {new: true})
+        .then(facility => {
+            res.send(facility);
+        }).catch(err => {
+        res.status(404).send(err);
     })
 });
 
diff --git a/routes/users.js b/routes/users.js
@@ -44,7 +44,12 @@ router.post('/login', (req, res, next) => {
         res.json({
           success: true,
           token: 'JWT ' + token,
-          user: user
+          user: {
+              firstName: user.firstName,
+              lastName: user.lastName,
+              mail: user.mail,
+              role: user.role
+          }
         });
       } else {
         return res.json({ success: false, msg: 'Wrong password' });
