Skip to content

Commit

Permalink
feat(users): end policy ✨
Browse files Browse the repository at this point in the history
  • Loading branch information
@PierreBrisorgueil
PierreBrisorgueil committed May 3, 2020
1 parent de308be commit 4811602
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 16 deletions.
20 changes: 10 additions & 10 deletions modules/users/policies/users.policy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,21 +10,12 @@ const policy = require(path.resolve('./lib/middlewares/policy'));
*/
exports.invokeRolesPolicies = () => {
policy.Acl.allow([{
roles: ['admin'],
allows: [{
resources: '/api/users',
permissions: ['get'],
}, {
resources: '/api/users/:userId',
permissions: ['get', 'put', 'delete'],
}],
}, {
roles: ['user'],
allows: [{
resources: '/api/users/me',
permissions: ['get'],
}, {
resources: '/api/users/',
resources: '/api/users',
permissions: ['put', 'delete'],
}, {
resources: '/api/users/password',
Expand All @@ -42,6 +33,15 @@ exports.invokeRolesPolicies = () => {
resources: '/api/users/data/mail',
permissions: ['get'],
}],
}, {
roles: ['admin'],
allows: [{
resources: '/api/users',
permissions: ['get'],
}, {
resources: '/api/users/:userId',
permissions: ['get', 'put', 'delete'],
}],
},
]);
};
13 changes: 7 additions & 6 deletions modules/users/routes/users.routes.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ const path = require('path');

const multer = require(path.resolve('./lib/services/multer'));
const model = require(path.resolve('./lib/middlewares/model'));
const policy = require(path.resolve('./lib/middlewares/policy'));
const usersSchema = require('../models/user.schema');


Expand All @@ -16,27 +17,27 @@ module.exports = (app) => {
const usersData = require('../controllers/users.data.controller');

app.route('/api/users/me')
.get(passport.authenticate('jwt'), users.me);
.get(passport.authenticate('jwt'), policy.isAllowed, users.me);

app.route('/api/users').all(passport.authenticate('jwt'))
app.route('/api/users').all(passport.authenticate('jwt'), policy.isAllowed)
.put(model.isValid(usersSchema.User), users.update)
.delete(users.delete);

app.route('/api/users/password')
.post(passport.authenticate('jwt'), users.updatePassword);
.post(passport.authenticate('jwt'), policy.isAllowed, users.updatePassword);

app.route('/api/users/avatar').all(passport.authenticate('jwt'))
app.route('/api/users/avatar').all(passport.authenticate('jwt'), policy.isAllowed)
.post(multer.create('img', config.uploads.avatar), users.updateAvatar)
.delete(users.deleteAvatar);

app.route('/api/users/accounts')
.delete(users.removeOAuthProvider)
.post(model.isValid(usersSchema.User), users.addOAuthProviderUserProfile);

app.route('/api/users/data').all(passport.authenticate('jwt'))
app.route('/api/users/data').all(passport.authenticate('jwt'), policy.isAllowed)
.get(usersData.get)
.delete(usersData.delete);

app.route('/api/users/data/mail').all(passport.authenticate('jwt'))
app.route('/api/users/data/mail').all(passport.authenticate('jwt'), policy.isAllowed)
.get(usersData.getMail);
};

0 comments on commit 4811602

Please sign in to comment.