diff --git a/backend/src/controllers/SessionController.js b/backend/src/controllers/SessionController.js
index 2f19dca..e9afcb0 100644
--- a/backend/src/controllers/SessionController.js
+++ b/backend/src/controllers/SessionController.js
@@ -23,7 +23,10 @@ exports.store = async (req, res, next) => {
 }
 );
- return res
- .status(200)
- .json({ token: token, username: user.name, userId: user.id });
+ return res.status(200).json({
+ token: token,
+ username: user.name,
+ profile: user.profile,
+ userId: user.id,
+ });
 };
diff --git a/backend/src/controllers/SettingController.js b/backend/src/controllers/SettingController.js
index 15e4203..045a0ee 100644
--- a/backend/src/controllers/SettingController.js
+++ b/backend/src/controllers/SettingController.js
@@ -2,12 +2,24 @@ const Setting = require("../models/Setting");
 const { getIO } = require("../libs/socket");
 exports.index = async (req, res) => {
+ if (req.user.profile !== "admin") {
+ return res
+ .status(403)
+ .json({ error: "Only administrators can access this route." });
+ }
+
 const settings = await Setting.findAll();
 return res.status(200).json(settings);
 };
 exports.update = async (req, res) => {
+ if (req.user.profile !== "admin") {
+ return res
+ .status(403)
+ .json({ error: "Only administrators can access this route." });
+ }
+
 const io = getIO();
 const { settingKey } = req.params;
 const setting = await Setting.findByPk(settingKey);
diff --git a/backend/src/controllers/UserController.js b/backend/src/controllers/UserController.js
index a77da49..0f00962 100644
--- a/backend/src/controllers/UserController.js
+++ b/backend/src/controllers/UserController.js
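Review bot: The `profile` value added to the login response body becomes the client's only role signal — the MainListItems hunk reads a `profile` key back from `localStorage`, presumably populated from this response, and anything in `localStorage` can be edited by the user in the browser — so it can drive menu visibility but must not be treated as access control; the `req.user.profile` checks in SettingController and UserController remain the actual enforcement. A short comment on the new field would keep the next maintainer from trusting it, e.g. `// profile is a UI hint only; routes re-check req.user.profile server-side`. The `token: token` entry on the same object can use property shorthand, `token,`, consistent with the async arrow functions already used in the file. The enclosing `exports.store` begins before the hunk.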
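Review bot: The admin check added to `index` and `update` is a per-handler copy of the same five lines — it appears a third time in `UserController.index` — so any handler added or overlooked later ships unguarded, and a change to the rule or the message has to be made in three places. A small middleware such as `const isAdmin = (req, res, next) => (req.user && req.user.profile === "admin" ? next() : res.status(403).json({ error: "Only administrators can access this route." }));` applied where these routes are registered would fail closed for every route in the group and keep authorization logic out of the controllers. The check as written assumes an authentication middleware has already populated `req.user`; if it has not, `req.user.profile` throws a TypeError inside the async handler instead of producing a 401/403 — worth confirming the route ordering, which is not visible here. `exports.update`'s body continues past the end of the hunk.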
@@ -8,6 +8,12 @@ const Setting = require("../models/Setting");
 const { getIO } = require("../libs/socket");
 exports.index = async (req, res) => {
+ if (req.user.profile !== "admin") {
+ return res
+ .status(403)
+ .json({ error: "Only administrators can access this route." });
+ }
+
 const { searchParam = "", pageNumber = 1 } = req.query;
 const whereCondition = {
diff --git a/frontend/src/components/_layout/MainListItems.js b/frontend/src/components/_layout/MainListItems.js
index df2a93a..0df631f 100644
--- a/frontend/src/components/_layout/MainListItems.js
+++ b/frontend/src/components/_layout/MainListItems.js
@@ -38,6 +38,7 @@ function ListItemLink(props) {
 }
 const MainListItems = () => {
+ const userProfile = localStorage.getItem("profile");
 return (