'use strict';
const globalHooks = require('../../../hooks');
const hooks = require('feathers-hooks');
const auth = require('feathers-authentication').hooks;
var _feathersErrors = require('feathers-errors');
var _feathersErrors2 = _interopRequireDefault(_feathersErrors);
/**
 * Babel-style default-import shim.
 *
 * @param {*} obj - value returned by `require`
 * @returns {*} `obj` itself when it is a transpiled ES module (truthy
 *   `__esModule`), otherwise `{ default: obj }` (also for falsy inputs).
 */
function _interopRequireDefault(obj) {
  var isEsModule = Boolean(obj) && obj.__esModule;
  if (isEsModule) {
    return obj;
  }
  return { default: obj };
}
function validateRoleOnCreate () {
return function(hook) {
var _this = this;
var userRole = hook.params.user && hook.params.user.role;
return new Promise(function (resolve, reject) {
// Set provider as undefined so we avoid an infinite loop if this hook is
// set on the resource we are requesting.
var params = Object.assign({}, hook.params, { provider: undefined });
if (! hook.data.role) {
hook.data.role = 'user'
resolve(hook);
}
if (userRole && userRole.toString() === 'user') {
reject(new _feathersErrors2.default.Forbidden('You do not have permission to create new users.'));
}
else if (userRole && userRole.toString() === 'manager' && hook.data.role.toString() !== 'user') {
reject(new _feathersErrors2.default.Forbidden('You do not have permission to change this user\'s role.'));
}
else {
resolve(hook);
}
});
}
}
function validateRoleOnUpdate () {
return function(hook) {
var _this = this;
var userRole = hook.params.user.role;
return new Promise(function (resolve, reject) {
// Set provider as undefined so we avoid an infinite loop if this hook is
// set on the resource we are requesting.
var params = Object.assign({}, hook.params, { provider: undefined });
return _this.get(hook.id, params).then(function (data) {
if (data.toJSON) {
data = data.toJSON();
} else if (data.toObject) {
data = data.toObject();
}
var dataRole = data.role;
if (userRole.toString() === 'user' && dataRole.toString() !== 'user') {
reject(new _feathersErrors2.default.Forbidden('You do not have permission to change your role.'));
}
else if (userRole.toString() === 'manager' && dataRole.toString() !== 'user') {
reject(new _feathersErrors2.default.Forbidden('You do not have permission to change this user\'s role.'));
}
else {
resolve(hook);
}
}).catch(reject);
});
}
}
/**
 * Options passed to `auth.restrictToRoles`: the caller's `role` field is
 * matched against `roles`, and `owner: true` / `ownerField: 'id'` presumably
 * also admits the caller to the record whose `id` is their own (confirm
 * against the feathers-authentication version in use).
 */
const roleConfig = {
  fieldName: 'role',
  roles: ['manager', 'admin'],
  owner: true,
  ownerField: 'id',
};
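/**
 * Before hooks for the users service.
 *
 * `restrictToRoles(roleConfig)` is the per-record access check (manager/admin,
 * or — via `owner: true` — presumably the caller's own record); the
 * `validateRoleOn*` hooks then bound which `role` values the caller may write.
 * Both must be present on every mutating method that targets a record.
 */
exports.before = {
  all: [],
  find: [
    auth.verifyToken(),
    auth.populateUser(),
    auth.restrictToAuthenticated(),
  ],
  get: [
    auth.verifyToken(),
    auth.populateUser(),
    auth.restrictToAuthenticated(),
    auth.restrictToRoles(roleConfig),
  ],
  // Registration is public (no token hooks); validateRoleOnCreate decides
  // which roles may be requested.
  create: [
    auth.hashPassword(),
    validateRoleOnCreate(),
  ],
  update: [
    auth.verifyToken(),
    auth.populateUser(),
    auth.restrictToAuthenticated(),
    auth.restrictToRoles(roleConfig),
    validateRoleOnUpdate(),
  ],
  patch: [
    auth.verifyToken(),
    auth.populateUser(),
    auth.restrictToAuthenticated(),
    // Was missing (validateRoleOnUpdate was listed twice instead): without
    // it any authenticated user could patch any other user's record.
    auth.restrictToRoles(roleConfig),
    validateRoleOnUpdate(),
  ],
  remove: [
    auth.verifyToken(),
    auth.populateUser(),
    auth.restrictToAuthenticated(),
    // Same record-level restriction as update/patch, so a plain user cannot
    // delete other users' accounts.
    auth.restrictToRoles(roleConfig),
    validateRoleOnUpdate(),
  ],
};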
/**
 * After hooks: `password` is stripped from every response; the
 * method-specific lists are all empty for now.
 */
const afterHooks = { all: [hooks.remove('password')] };
['find', 'get', 'create', 'update', 'patch', 'remove'].forEach(function (method) {
  afterHooks[method] = [];
});
// TODO: on `remove`, also remove the user's meals.
exports.after = afterHooks;