1 files changed, 36 insertions, 4 deletions

diff --git a/src/services/meal/hooks/index.js b/src/services/meal/hooks/index.js
index dd0d7ca..f30e5a0 100644
--- a/src/services/meal/hooks/index.js
+++ b/src/services/meal/hooks/index.js
@@ -3,6 +3,30 @@
 const globalHooks = require('../../../hooks');
 const hooks = require('feathers-hooks');
 const auth = require('feathers-authentication').hooks;
+const feathersErrors = require('feathers-errors');
+
+const roleConfig = {
+  fieldName: 'role',
+  roles: ['admin'],
+  owner: true,
+  ownerField: 'userid'
+}
+
+function populateUserId (){
+  return function(hook) {
+    var _this = this;
+
+    return new Promise(function (resolve, reject) {
+      if (! hook.data.userid) {
+        hook.data.userid = hook.userid
+      }
+      else if (hook.params.user && hook.params.user.id !== hook.data.userid && hook.params.user.role !== 'admin') {
+        return reject(new feathersErrors.default.Forbidden('You do not have permission to make meals for this user.'))
+      }
+      resolve(hook)
+    });
+  }
+}
 
 exports.before = {
   all: [
@@ -12,10 +36,18 @@ exports.before = {
   ],
   find: [],
   get: [],
-  create: [],
-  update: [],
-  patch: [],
-  remove: []
+  create: [
+    populateUserId(),
+  ],
+  update: [
+    auth.restrictToRoles(roleConfig),
+  ],
+  patch: [
+    auth.restrictToRoles(roleConfig),
+  ],
+  remove: [
+    auth.restrictToRoles(roleConfig),
+  ]
 };
 
 exports.after = {