Diffstat (limited to 'src/services/user/hooks/index.js')
-rw-r--r--src/services/user/hooks/index.js91
1 files changed, 84 insertions, 7 deletions
diff --git a/src/services/user/hooks/index.js b/src/services/user/hooks/index.js
index 9dfe425..85f8e04 100644
--- a/src/services/user/hooks/index.js
+++ b/src/services/user/hooks/index.js
@@ -4,39 +4,114 @@ const globalHooks = require('../../../hooks');
const hooks = require('feathers-hooks');
const auth = require('feathers-authentication').hooks;
+var _feathersErrors = require('feathers-errors');
+var _feathersErrors2 = _interopRequireDefault(_feathersErrors);
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+function validateRoleOnCreate () {
+ return function(hook) {
+ var _this = this;
+
+ var userRole = hook.params.user && hook.params.user.role;
+
+ return new Promise(function (resolve, reject) {
+ // Set provider as undefined so we avoid an infinite loop if this hook is
+ // set on the resource we are requesting.
+ var params = Object.assign({}, hook.params, { provider: undefined });
+
+ if (! hook.data.role) {
+ hook.data.role = 'user'
+ resolve(hook);
+ }
+ if (userRole && userRole.toString() === 'user') {
+ reject(new _feathersErrors2.default.Forbidden('You do not have permission to create new users.'));
+ }
+ else if (userRole && userRole.toString() === 'manager' && hook.data.role.toString() !== 'user') {
+ reject(new _feathersErrors2.default.Forbidden('You do not have permission to change this user\'s role.'));
+ }
+ else {
+ resolve(hook);
+ }
+ });
+ }
+}
+
+function validateRoleOnUpdate () {
+ return function(hook) {
+ var _this = this;
+
+ var userRole = hook.params.user.role;
+
+ return new Promise(function (resolve, reject) {
+ // Set provider as undefined so we avoid an infinite loop if this hook is
+ // set on the resource we are requesting.
+ var params = Object.assign({}, hook.params, { provider: undefined });
+
+ return _this.get(hook.id, params).then(function (data) {
+ if (data.toJSON) {
+ data = data.toJSON();
+ } else if (data.toObject) {
+ data = data.toObject();
+ }
+
+ var dataRole = data.role;
+ if (userRole.toString() === 'user' && dataRole.toString() !== 'user') {
+ reject(new _feathersErrors2.default.Forbidden('You do not have permission to change your role.'));
+ }
+ else if (userRole.toString() === 'manager' && dataRole.toString() !== 'user') {
+ reject(new _feathersErrors2.default.Forbidden('You do not have permission to change this user\'s role.'));
+ }
+ else {
+ resolve(hook);
+ }
+ }).catch(reject);
+ });
+ }
+}
+
+const roleConfig = {
+ fieldName: 'role',
+ roles: ['manager','admin'],
+ owner: true,
+ ownerField: 'id'
+}
+
exports.before = {
all: [],
find: [
auth.verifyToken(),
auth.populateUser(),
- auth.restrictToAuthenticated()
+ auth.restrictToAuthenticated(),
],
get: [
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
- auth.restrictToOwner({ ownerField: 'id' })
+ auth.restrictToRoles(roleConfig),
],
create: [
- auth.hashPassword()
+ auth.hashPassword(),
+ validateRoleOnCreate(),
],
update: [
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
- auth.restrictToOwner({ ownerField: 'id' })
+ auth.restrictToRoles(roleConfig),
+ validateRoleOnUpdate(),
],
patch: [
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
- auth.restrictToOwner({ ownerField: 'id' })
+ validateRoleOnUpdate(),
+ validateRoleOnUpdate(),
],
remove: [
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
- auth.restrictToOwner({ ownerField: 'id' })
+ validateRoleOnUpdate(),
]
};
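Review bot: validateRoleOnCreate never constrains an unauthenticated create: the create list runs only `auth.hashPassword()` and this hook, with no verifyToken/populateUser, so `hook.params.user` is presumably undefined, `userRole` is undefined, neither Forbidden branch fires, and whatever `role` the request body carries is stored as-is; on top of that, the `! hook.data.role` branch calls `resolve(hook)` and then falls through, so when a `'user'`-role caller omits `role` the promise is already fulfilled and the later `reject` is a no-op. The rewrite below checks the caller's permission before applying the `'user'` default and limits the no-user and manager cases to assigning `'user'`. The patch list repeats `validateRoleOnUpdate()` twice where the update list has `auth.restrictToRoles(roleConfig)` — this looks like a copy slip, and as written patch and remove run with no owner/role restriction at all. validateRoleOnUpdate also compares only the stored `data.role` and never `hook.data.role`, so the "change this user's role" rejection does not test the role being written; add `var newRole = hook.data.role && hook.data.role.toString();` and reject non-admins when `newRole && newRole !== dataRole.toString()`, and guard `hook.params.user.role` the way the create hook does so calls without an authenticated user fail with Forbidden instead of a TypeError.
```javascript
function validateRoleOnCreate () {
  return function(hook) {
    var userRole = hook.params.user && hook.params.user.role;
    var requestedRole = hook.data.role ? hook.data.role.toString() : 'user';

    if (userRole && userRole.toString() === 'user') {
      return Promise.reject(new _feathersErrors2.default.Forbidden('You do not have permission to create new users.'));
    }
    // No authenticated user (self-registration) or a manager: only 'user' may be assigned.
    var limitedToUser = !userRole || userRole.toString() === 'manager';
    if (limitedToUser && requestedRole !== 'user') {
      return Promise.reject(new _feathersErrors2.default.Forbidden('You do not have permission to change this user\'s role.'));
    }
    hook.data.role = requestedRole;
    return Promise.resolve(hook);
  };
}
```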
@@ -47,5 +122,7 @@ exports.after = {
create: [],
update: [],
patch: [],
- remove: []
+ remove: [
+ // remove user's meals
+ ],
};
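Review bot: The new after.remove array contains only the comment `// remove user's meals` and no hook, so removing a user still leaves that user's meals behind while the list reads as if the cleanup were wired up; either add the cleanup hook here or mark it as tracked follow-up work, `// TODO: remove user's meals (no after-hook yet)`. The enclosing exports.after object starts outside this hunk.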