| -rw-r--r-- | src/services/meal/hooks/index.js | 40 | ||||
| -rw-r--r-- | src/services/meal/meal-model.js | 1 | ||||
| -rw-r--r-- | src/services/user/hooks/index.js | 1 | ||||
| -rw-r--r-- | test/services/user/roles.test.js | 12 |
4 files changed, 43 insertions, 11 deletions
diff --git a/src/services/meal/hooks/index.js b/src/services/meal/hooks/index.js
index dd0d7ca..f30e5a0 100644
--- a/src/services/meal/hooks/index.js
+++ b/src/services/meal/hooks/index.js
@@ -3,6 +3,30 @@
 const globalHooks = require('../../../hooks');
 const hooks = require('feathers-hooks');
 const auth = require('feathers-authentication').hooks;
+const feathersErrors = require('feathers-errors');
+
+const roleConfig = {
+ fieldName: 'role',
+ roles: ['admin'],
+ owner: true,
+ ownerField: 'userid'
+}
+
+function populateUserId (){
+ return function(hook) {
+ var _this = this;
+
+ return new Promise(function (resolve, reject) {
+ if (! hook.data.userid) {
+ hook.data.userid = hook.userid
+ }
+ else if (hook.params.user && hook.params.user.id !== hook.data.userid && hook.params.user.role !== 'admin') {
+ return reject(new feathersErrors.default.Forbidden('You do not have permission to make meals for this user.'))
+ }
+ resolve(hook)
+ });
+ }
+}
 
 exports.before = {
 all: [
@@ -12,10 +36,18 @@ exports.before = {
 ],
 find: [],
 get: [],
- create: [],
- update: [],
- patch: [],
- remove: []
+ create: [
+ populateUserId(),
+ ],
+ update: [
+ auth.restrictToRoles(roleConfig),
+ ],
+ patch: [
+ auth.restrictToRoles(roleConfig),
+ ],
+ remove: [
+ auth.restrictToRoles(roleConfig),
+ ]
 };
 
 exports.after = {
diff --git a/src/services/meal/meal-model.js b/src/services/meal/meal-model.js
index 90f35ca..ec32bfa 100644
--- a/src/services/meal/meal-model.js
+++ b/src/services/meal/meal-model.js
@@ -23,6 +23,7 @@ module.exports = function(sequelize) {
 },
 userid: {
 type: Sequelize.INTEGER,
+ allowNull: false,
 references: {
 model: sequelize.model('users'),
 key: 'id',
diff --git a/src/services/user/hooks/index.js b/src/services/user/hooks/index.js
index 80c3848..4d258fb 100644
--- a/src/services/user/hooks/index.js
+++ b/src/services/user/hooks/index.js
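Review bot: `hook.data.userid = hook.userid` in populateUserId fills the missing owner from a property that nothing in this hunk sets, while the authenticated user is read as `hook.params.user` two lines below, so this branch most likely assigns undefined and the create then fails the model's new `allowNull: false` with a validation error instead of stamping the caller's id. The intended line is presumably `hook.data.userid = hook.params.user && hook.params.user.id` (whether `hook.params.user` is guaranteed here depends on what `all` runs before create, which is outside the hunk). `var _this = this;` is unused and can be dropped. The `new Promise` wrapper adds nothing since both branches settle synchronously; returning `hook` or throwing the Forbidden error directly would read more plainly. exports.before continues past the end of the hunk.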
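Review bot: The ownership check on update and patch looks only at the stored record, so a non-admin owner can still include `userid` in the body and reassign the meal to another user, because populateUserId runs for create alone and nothing strips or validates the field on writes. Either drop `hook.data.userid` for non-admins in a small before hook placed after `auth.restrictToRoles(roleConfig)` on update and patch, or document that reassignment is allowed. `find: []` and `get: []` also leave any authenticated user free to read other users' meals while writes are owner-restricted; if that is deliberate a comment saying so would help, otherwise the owner/query hooks from feathers-authentication could be applied there too. Whether `all` already restricts reads is not visible in this hunk.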
@@ -120,7 +120,6 @@ exports.before = {
 auth.populateUser(),
 auth.restrictToAuthenticated(),
 validateRoleOnUpdate(),
- validateRoleOnUpdate(),
 ],
 remove: [
 auth.verifyToken(),
diff --git a/test/services/user/roles.test.js b/test/services/user/roles.test.js
index d050806..b121977 100644
--- a/test/services/user/roles.test.js
+++ b/test/services/user/roles.test.js
@@ -28,12 +28,13 @@ function createUserAndFetchToken (role, done) {
 password: 'password',
 goal: 2000,
 role: role,
- }, () => {
+ }).then(function (userdata) {
 Meal.create({
 name: 'breakfast',
 date: new Date (),
 calories: 500,
- }).then(function (data) {
+ userid: userdata.id,
+ }).then(function (mealdata) {
 chai.request(app)
 .post('/auth/local')
 .set('Accept', 'application/json')
@@ -44,8 +45,8 @@ function createUserAndFetchToken (role, done) {
 .end((err, res) => {
 done({
 token: res.body.token,
- id: res.body.data.id,
- mealid: data.id,
+ id: userdata.id,
+ mealid: mealdata.id,
 })
 })
 })
@@ -128,8 +129,7 @@ describe('user roles', () => {
 calories: 600,
 })
 .end((err, res) => {
- console.log(res.body)
- // assert.equal(res.statusCode, 500);
+ assert.equal(res.statusCode, 403);
 done()
 })
 }) |
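Review bot: The new `.then(function (userdata) {` chain in createUserAndFetchToken has no rejection handler, so a failing User.create or Meal.create (for example a rejected `userid` now that the column is NOT NULL) never reaches `done` and the test hangs until the framework timeout instead of reporting the error. Add a `.catch` at the end of the chain that fails the test visibly; since `done` here receives the token object rather than an error, the catch needs to route to the caller's real failure path, which is not visible in this hunk. createUserAndFetchToken starts before the hunk and its chain continues into the next one.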
