1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
'use strict';
const globalHooks = require('../../../hooks');
const hooks = require('feathers-hooks');
const auth = require('feathers-authentication').hooks;
var _feathersErrors = require('feathers-errors');
var _feathersErrors2 = _interopRequireDefault(_feathersErrors);
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
function validateRoleOnCreate () {
return function(hook) {
var _this = this;
var userRole = hook.params.user && hook.params.user.role;
return new Promise(function (resolve, reject) {
// Set provider as undefined so we avoid an infinite loop if this hook is
// set on the resource we are requesting.
var params = Object.assign({}, hook.params, { provider: undefined });
if (! hook.data.role) {
hook.data.role = 'user'
resolve(hook);
}
if (userRole && userRole.toString() === 'user') {
reject(new _feathersErrors2.default.Forbidden('You do not have permission to create new users.'));
}
else if (userRole && userRole.toString() === 'manager' && hook.data.role.toString() !== 'user') {
reject(new _feathersErrors2.default.Forbidden('You do not have permission to change this user\'s role.'));
}
else {
resolve(hook);
}
});
}
}
function validateRoleOnUpdate () {
return function(hook) {
var _this = this;
var userRole = hook.params.user.role;
return new Promise(function (resolve, reject) {
// Set provider as undefined so we avoid an infinite loop if this hook is
// set on the resource we are requesting.
var params = Object.assign({}, hook.params, { provider: undefined });
return _this.get(hook.id, params).then(function (data) {
if (data.toJSON) {
data = data.toJSON();
} else if (data.toObject) {
data = data.toObject();
}
var dataRole = data.role;
if (userRole.toString() === 'user' && dataRole.toString() !== 'user') {
reject(new _feathersErrors2.default.Forbidden('You do not have permission to change your role.'));
}
else if (userRole.toString() === 'manager' && dataRole.toString() === 'admin') {
reject(new _feathersErrors2.default.Forbidden('You do not have permission to change this user\'s role.'));
}
else {
resolve(hook);
}
}).catch(reject);
});
}
}
function removeUserMeals () {
return function(hook) {
var _this = this;
return new Promise(function (resolve, reject) {
// Set provider as undefined so we avoid an infinite loop if this hook is
// set on the resource we are requesting.
var params = Object.assign({}, hook.params, { provider: undefined });
return hook.app.service('meals').remove(null, { userid: hook.user.id }).then(function (data) {
resolve(hook);
}).catch(reject);
});
}
}
const roleConfig = {
fieldName: 'role',
roles: ['manager','admin'],
owner: true,
ownerField: 'id'
}
exports.before = {
all: [],
find: [
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
],
get: [
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
auth.restrictToRoles(roleConfig),
],
create: [
auth.hashPassword(),
validateRoleOnCreate(),
],
update: [
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
auth.restrictToRoles(roleConfig),
validateRoleOnUpdate(),
],
patch: [
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
validateRoleOnUpdate(),
],
remove: [
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
validateRoleOnUpdate(),
removeUserMeals(),
]
};
exports.after = {
all: [hooks.remove('password')],
find: [],
get: [],
create: [],
update: [],
patch: [],
remove: [],
};
|
