diff --git a/backend/src/controllers/SessionController.js b/backend/src/controllers/SessionController.js
index 2f19dca..e9afcb0 100644
--- a/backend/src/controllers/SessionController.js
+++ b/backend/src/controllers/SessionController.js
@@ -23,7 +23,10 @@ exports.store = async (req, res, next) => {
 }
 );
- return res
- .status(200)
- .json({ token: token, username: user.name, userId: user.id });
+ return res.status(200).json({
+ token: token,
+ username: user.name,
+ profile: user.profile,
+ userId: user.id,
+ });
 };
diff --git a/backend/src/controllers/SettingController.js b/backend/src/controllers/SettingController.js
index 15e4203..045a0ee 100644
--- a/backend/src/controllers/SettingController.js
+++ b/backend/src/controllers/SettingController.js
@@ -2,12 +2,24 @@ const Setting = require("../models/Setting");
 const { getIO } = require("../libs/socket");
 exports.index = async (req, res) => {
+ if (req.user.profile !== "admin") {
+ return res
+ .status(403)
+ .json({ error: "Only administrators can access this route." });
+ }
+
 const settings = await Setting.findAll();
 return res.status(200).json(settings);
 };
 exports.update = async (req, res) => {
+ if (req.user.profile !== "admin") {
+ return res
+ .status(403)
+ .json({ error: "Only administrators can access this route." });
+ }
+
 const io = getIO();
 const { settingKey } = req.params;
 const setting = await Setting.findByPk(settingKey);
diff --git a/backend/src/controllers/UserController.js b/backend/src/controllers/UserController.js
index a77da49..0f00962 100644
--- a/backend/src/controllers/UserController.js
+++ b/backend/src/controllers/UserController.js
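Review bot: The admin check added at the top of `exports.index` and `exports.update` in SettingController (and again in UserController's `exports.index` in the next hunk) is an inline per-handler guard, so every other handler in these controllers that should be admin-only has to repeat the same five lines and any one that is forgotten stays open; enforcing it once as a route-level middleware (an `isAdmin` function registered after the auth middleware in the route definitions) would make the policy visible in one place. The guard also assumes `req.user` was already populated by the auth middleware; if one of these routes were ever registered without it, `req.user.profile` throws a TypeError and the request ends as a 500 instead of a deliberate 401/403. Whether `profile` comes from the token payload or from a fresh lookup is not visible here; if it is read from the token, a profile change only takes effect after the user re-authenticates, which is worth stating on the check, e.g. `// Admin-only. Relies on the auth middleware having set req.user; profile changes take effect on next login if it comes from the token.`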
@@ -8,6 +8,12 @@ const Setting = require("../models/Setting");
 const { getIO } = require("../libs/socket");
 exports.index = async (req, res) => {
+ if (req.user.profile !== "admin") {
+ return res
+ .status(403)
+ .json({ error: "Only administrators can access this route." });
+ }
+
 const { searchParam = "", pageNumber = 1 } = req.query;
 const whereCondition = {
diff --git a/frontend/src/components/_layout/MainListItems.js b/frontend/src/components/_layout/MainListItems.js
index df2a93a..0df631f 100644
--- a/frontend/src/components/_layout/MainListItems.js
+++ b/frontend/src/components/_layout/MainListItems.js
@@ -38,6 +38,7 @@ function ListItemLink(props) {
 }
 const MainListItems = () => {
+ const userProfile = localStorage.getItem("profile");
 return (
} /> @@ -57,18 +58,22 @@ const MainListItems = () => { primary={i18n.t("mainDrawer.listItems.contacts")} icon={} /> - - Administration - } - /> - } - /> + {userProfile === "admin" && ( + <> + + Administration + } + /> + } + /> + + )}
); };
diff --git a/frontend/src/context/Auth/useAuth.js b/frontend/src/context/Auth/useAuth.js
index 4396d6f..327727c 100644
--- a/frontend/src/context/Auth/useAuth.js
+++ b/frontend/src/context/Auth/useAuth.js
@@ -47,11 +47,12 @@ const useAuth = () => {
 const handleLogin = async (e, user) => {
 e.preventDefault();
 try {
- const res = await api.post("/auth/login", user);
- localStorage.setItem("token", JSON.stringify(res.data.token));
- localStorage.setItem("username", res.data.username);
- localStorage.setItem("userId", res.data.userId);
- api.defaults.headers.Authorization = `Bearer ${res.data.token}`;
+ const { data } = await api.post("/auth/login", user);
+ localStorage.setItem("token", JSON.stringify(data.token));
+ localStorage.setItem("username", data.username);
+ localStorage.setItem("profile", data.profile);
+ localStorage.setItem("userId", data.userId);
+ api.defaults.headers.Authorization = `Bearer ${data.token}`;
 setIsAuth(true);
 toast.success(i18n.t("auth.toasts.success"));
 history.push("/tickets");
@@ -68,6 +69,7 @@ const useAuth = () => {
 setIsAuth(false);
 localStorage.removeItem("token");
 localStorage.removeItem("username");
+ localStorage.removeItem("profile");
 localStorage.removeItem("userId");
 api.defaults.headers.Authorization = undefined;
 history.push("/login");
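Review bot: `userProfile` is read from `localStorage`, which the browser user can edit freely, so the `userProfile === "admin"` condition wrapped around the Administration group only hides navigation links; it must not be treated as protecting the admin pages or their API calls, which is what the backend 403 checks in this same commit do. A comment on the new line, `// Presentation only: the admin routes are enforced server-side, this just hides the links`, would make that explicit for the next maintainer. The value is also read from storage on each render rather than from the auth context, so it can lag behind a login or logout in the same tab unless the component remounts — worth confirming against how `useAuth` is consumed. The JSX of the second hunk is not recoverable in this view, so the markup itself is not reviewed.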
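Review bot: `localStorage.setItem("profile", data.profile)` in `handleLogin` stores the literal string `"undefined"` when the login response carries no `profile` (for example a backend that predates the SessionController change in this commit), after which `localStorage.getItem("profile")` returns `"undefined"` instead of `null` and the absence can no longer be detected. Writing `localStorage.setItem("profile", data.profile ?? "")`, or skipping the write when the field is absent, keeps that distinction. `token` is stored through `JSON.stringify` while `username`, `profile` and `userId` are stored raw; a one-line comment explaining why the token is treated differently would help readers of this block. The `catch` branch of `handleLogin` continues outside this hunk.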