feat: added minimum roles to apis, and JWT authentication validation

Signed-off-by: Varij Kapil <varijkapil13@live.com>
varijkapil13 · Jan 22, 2019 · 02af9bb · 02af9bb
1 parent 79b24f9
commit 02af9bb
Show file tree

Hide file tree

Showing 8 changed files with 187 additions and 14 deletions.
diff --git a/server/controllers/leave.controller.js b/server/controllers/leave.controller.js
@@ -72,6 +72,25 @@ class LeaveController {
       })
       .catch(error => res.status(400).send(error));
   }
+
+  static getUserLeaves(req, res) {
+    const avatarId = req.params.avatarId;
+    Leave.findAll({
+      where: {avatarId}
+    })
+      .then(leaves => {
+        let message = 'Leaves successfully retrieved';
+        if (leaves.length <= 0) {
+          message = 'No leaves were found';
+        }
+        return res.status(200).send({
+          status: true,
+          message,
+          leaves
+        });
+      })
+      .catch(error => res.status(400).send(error));
+  }
 }
 
 export default LeaveController;
diff --git a/server/controllers/user.controller.js b/server/controllers/user.controller.js
@@ -128,6 +128,40 @@ class UserController {
         res.status(400).send(error);
       });
   }
+
+  static getAllUsers(req, res) {
+    User.findAll()
+      .then(users => {
+        let message = 'Users successfully retrieved';
+        if (users.length <= 0) {
+          message = 'No users were found';
+        }
+        return res.status(200).send({
+          status: true,
+          message,
+          users
+        });
+      })
+      .catch(error => res.status(400).send(error));
+  }
+  static getUser(req, res) {
+    const userId = req.params.userId;
+    User.find({
+      where: {id: userId}
+    })
+      .then(user => {
+        let message = 'Leaves successfully retrieved';
+        if (user) {
+          message = 'No leaves were found';
+        }
+        return res.status(200).send({
+          status: true,
+          message,
+          user
+        });
+      })
+      .catch(error => res.status(400).send(error));
+  }
 }
 
 export default UserController;
diff --git a/server/controllers/workday.controller.js b/server/controllers/workday.controller.js
@@ -109,6 +109,41 @@ class WorkdayController {
       })
       .catch(error => res.status(400).send(error));
   }
+
+  static getUserWorkdays(req, res) {
+    const avatarId = req.params.avatarId;
+    WorkDay.findAll({
+      where: {avatarId}
+    })
+      .then(workdays => {
+        let message = 'Workdays successfully retrieved';
+        if (workdays.length <= 0) {
+          message = 'No workdays were found';
+        }
+        return res.status(200).send({
+          status: true,
+          message,
+          workdays
+        });
+      })
+      .catch(error => res.status(400).send(error));
+  }
+
+  static getAllWorkdays(req, res) {
+    WorkDay.findAll()
+      .then(workdays => {
+        let message = 'Workdays successfully retrieved';
+        if (workdays.length <= 0) {
+          message = 'No workdays were found';
+        }
+        return res.status(200).send({
+          status: true,
+          message,
+          workdays
+        });
+      })
+      .catch(error => res.status(400).send(error));
+  }
 }
 
 export default WorkdayController;
diff --git a/server/routes/avatar.route.js b/server/routes/avatar.route.js
@@ -1,9 +1,22 @@
 import express from 'express';
 const routes = express.Router();
 import AvatarController from '../controllers/avatar.controller';
+import PermissionController from '../auth/permission.controller';
+import AuthorizationValidationController from '../auth/authorization.validation.controller';
+import configuration from '../common/env.config';
 
-routes.get('/', AvatarController.list);
-routes.put('/:avatarId', AvatarController.modify);
-routes.delete('/:avatarId', AvatarController.delete);
+const {ADMIN, MANAGER, USER} = configuration.permissions;
+
+routes.get('/', [AuthorizationValidationController.validJWTNeeded, PermissionController.minimumPermissionRequired(MANAGER), AvatarController.list]);
+routes.put('/:avatarId', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(MANAGER),
+  AvatarController.modify
+]);
+routes.delete('/:avatarId', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(MANAGER),
+  AvatarController.delete
+]);
 
 export default routes;
diff --git a/server/routes/holiday.route.js b/server/routes/holiday.route.js
@@ -1,10 +1,27 @@
 import express from 'express';
 import HolidayController from '../controllers/holiday.controller';
+import AuthorizationValidationController from '../auth/authorization.validation.controller';
+import PermissionController from '../auth/permission.controller';
+import configuration from '../common/env.config';
+
+const {ADMIN, MANAGER, USER} = configuration.permissions;
 
 const routes = express.Router();
 
-routes.post('/', HolidayController.addHoliday);
-routes.delete('/:holidayId', HolidayController.deleteHoliday);
-routes.get('/', HolidayController.getAllHolidays);
+routes.post('/', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(MANAGER),
+  HolidayController.addHoliday
+]);
+routes.delete('/:holidayId', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(MANAGER),
+  HolidayController.deleteHoliday
+]);
+routes.get('/', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(USER),
+  HolidayController.getAllHolidays
+]);
 
 export default routes;
diff --git a/server/routes/leave.route.js b/server/routes/leave.route.js
@@ -1,10 +1,31 @@
 import express from 'express';
 import LeaveController from '../controllers/leave.controller';
+import configuration from '../common/env.config';
+import AuthorizationValidationController from '../auth/authorization.validation.controller';
+import PermissionController from '../auth/permission.controller';
 
+const {ADMIN, MANAGER, USER} = configuration.permissions;
 const routes = express.Router();
 
-routes.post('/:avatarId', LeaveController.addLeave);
-routes.delete('/:leaveId', LeaveController.deleteLeave);
-routes.get('/', LeaveController.getAllLeaves);
+routes.post('/:avatarId', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(MANAGER),
+  LeaveController.addLeave
+]);
+routes.delete('/:leaveId', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(MANAGER),
+  LeaveController.deleteLeave
+]);
+routes.get('/', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(MANAGER),
+  LeaveController.getAllLeaves
+]);
+routes.get('/:avatarId', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(USER),
+  LeaveController.getUserLeaves
+]);
 
 export default routes;
diff --git a/server/routes/user.route.js b/server/routes/user.route.js
@@ -1,11 +1,35 @@
 import express from 'express';
 import UserController from '../controllers/user.controller';
 import AuthorizationController from '../auth/authorization.controller';
+import configuration from '../common/env.config';
+import PermissionController from '../auth/permission.controller';
+import AuthorizationValidationController from '../auth/authorization.validation.controller';
+
+const ADMIN = configuration.permissions.ADMIN;
+
 const routes = express.Router();
 
 // sign ip with avatar id
-routes.post('/signup/:avatarId', UserController.signUpWithAvatar);
-routes.post('/signup', UserController.signUp);
+routes.post('/signup/:avatarId', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(ADMIN),
+  UserController.signUpWithAvatar
+]);
+routes.post('/signup', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(ADMIN),
+  UserController.signUp
+]);
 routes.post('/login', [UserController.login, AuthorizationController.login]);
+routes.get('/', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(ADMIN),
+  UserController.getAllUsers
+]);
+routes.get('/:userId', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(ADMIN),
+  UserController.getUser
+]);
 
 export default routes;
diff --git a/server/routes/workday.route.js b/server/routes/workday.route.js
@@ -5,9 +5,7 @@ import PermissionController from '../auth/permission.controller';
 import AuthorizationValidationController from '../auth/authorization.validation.controller';
 import configuration from '../common/env.config';
 
-const ADMIN = configuration.permissions.ADMIN;
-const MANAGER = configuration.permissions.MANAGER;
-const USER = configuration.permissions.USER;
+const {ADMIN, MANAGER, USER} = configuration.permissions;
 
 const routes = express.Router();
 const upload = multer({storage: multer.memoryStorage()});
@@ -23,4 +21,16 @@ routes.post('/:avatarId', [
   WorkdayController.addWorkday
 ]);
 
+routes.get('/:avatarId', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(USER),
+  WorkdayController.getUserWorkdays
+]);
+
+routes.get('/', [
+  AuthorizationValidationController.validJWTNeeded,
+  PermissionController.minimumPermissionRequired(MANAGER),
+  WorkdayController.getUserWorkdays
+]);
+
 export default routes;