feat: block no admin users to access some routes

canove
2020-09-07 09:38:52 -03:00
parent 8e8658425f
commit 10bc003d02
5 changed files with 48 additions and 20 deletions


@@ -23,7 +23,10 @@ exports.store = async (req, res, next) => {
}
);
return res
.status(200)
.json({ token: token, username: user.name, userId: user.id });
return res.status(200).json({
token: token,
username: user.name,
profile: user.profile,
userId: user.id,
});
};
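Review bot: Nothing in the new response marks `profile` as advisory, and a client can change whatever it stores after login, so this field is only safe as a hint for showing or hiding UI. A short comment above the return would record that, for example `// profile is returned for the UI only; routes authorize from req.user.profile on the server`. Whether the token signed just above also carries the profile is not visible here, since `store` begins outside the hunk.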


@@ -2,12 +2,24 @@ const Setting = require("../models/Setting");
const { getIO } = require("../libs/socket");
exports.index = async (req, res) => {
if (req.user.profile !== "admin") {
return res
.status(403)
.json({ error: "Only administrators can access this route." });
}
const settings = await Setting.findAll();
return res.status(200).json(settings);
};
exports.update = async (req, res) => {
if (req.user.profile !== "admin") {
return res
.status(403)
.json({ error: "Only administrators can access this route." });
}
const io = getIO();
const { settingKey } = req.params;
const setting = await Setting.findByPk(settingKey);
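Review bot: The same three-line admin check is pasted into both `index` and `update` here, and again into `exports.index` in the next file, so any handler added later is open to non-admin users unless the author remembers to copy it. Moving it into one middleware mounted on these routes keeps the rule in one place: `const isAdmin = (req, res, next) => req.user.profile === "admin" ? next() : res.status(403).json({ error: "Only administrators can access this route." });`. How `req.user` is filled is not visible in this hunk; if `profile` is read from token claims rather than looked up per request, a user whose admin role is removed would presumably keep access until the token expires. The body of `update` continues outside the hunk.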


@@ -8,6 +8,12 @@ const Setting = require("../models/Setting");
const { getIO } = require("../libs/socket");
exports.index = async (req, res) => {
if (req.user.profile !== "admin") {
return res
.status(403)
.json({ error: "Only administrators can access this route." });
}
const { searchParam = "", pageNumber = 1 } = req.query;
const whereCondition = {