1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
'use strict';
const globalHooks = require('../../../hooks');
const hooks = require('feathers-hooks');
const auth = require('feathers-authentication').hooks;
const feathersErrors = require('feathers-errors');
const roleConfig = {
fieldName: 'role',
roles: ['admin'],
owner: true,
ownerField: 'userid'
}
function populateUserId (){
return function(hook) {
var _this = this;
return new Promise(function (resolve, reject) {
if (! hook.data.userid) {
hook.data.userid = hook.userid
}
else if (hook.params.user && hook.params.user.id !== hook.data.userid && hook.params.user.role !== 'admin') {
return reject(new feathersErrors.default.Forbidden('You do not have permission to make meals for this user.'))
}
resolve(hook)
});
}
}
exports.before = {
all: [
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
],
find: [],
get: [],
create: [
populateUserId(),
],
update: [
auth.restrictToRoles(roleConfig),
],
patch: [
auth.restrictToRoles(roleConfig),
],
remove: [
auth.restrictToRoles(roleConfig),
]
};
exports.after = {
all: [],
find: [],
get: [],
create: [],
update: [],
patch: [],
remove: [],
};
|
