diff --git a/routes/bids.js b/routes/bids.js
index 2fae132..986a5cc 100644
--- a/routes/bids.js
+++ b/routes/bids.js
@@ -2,8 +2,8 @@ const errors = require('restify-errors');
 const Bid = require('../models/bid');
-module.exports = function(server) {
- server.post('/bids', (req, res, next) => {
+module.exports = function (server, auth) {
+ server.post('/bids', auth.manager, (req, res, next) => {
 let data = req.body || {};
@@ -20,7 +20,7 @@ module.exports = function(server) {
 });
 });
- server.get('/bids', (req, res, next) => {
+ server.get('/bids', auth.manager, (req, res, next) => {
 Bid.apiQuery(req.params, function(err, docs) {
 if (err) {
 console.error(err);
@@ -34,7 +34,7 @@ module.exports = function(server) {
 });
 });
- server.get('/bids/:bid_id', (req, res, next) => {
+ server.get('/bids/:bid_id', auth.manager, (req, res, next) => {
 Bid.findOne({ _id: req.params.bid_id }, function(err, doc) {
 if (err) {
 console.error(err);
@@ -48,8 +48,7 @@ module.exports = function(server) {
 });
 });
- server.put('/bids/:bid_id', (req, res, next) => {
-
+ server.put('/bids/:bid_id', auth.manager, (req, res, next) => {
 let data = req.body || {};
 if (!data._id) {
@@ -70,7 +69,7 @@ module.exports = function(server) {
 );
 }
- Bid.update({ _id: data._id }, data, function(err) {
+ Bid.updateOne({ _id: data._id }, data, function(err) {
 if (err) {
 console.error(err);
 return next(
@@ -84,7 +83,7 @@ module.exports = function(server) {
 });
 });
- server.del('/bids/:bid_id', (req, res, next) => {
+ server.del('/bids/:bid_id', auth.manager, (req, res, next) => {
 Bid.deleteOne({ _id: req.params.bid_id }, function(err) {
 if (err) {
 console.error(err);
diff --git a/routes/events.js b/routes/events.js
index 61cea6c..cec6c84 100644
--- a/routes/events.js
+++ b/routes/events.js
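Review bot: The export in `routes/bids.js` uses the new `auth` argument without checking it, so the gate on every route depends on each caller passing an object that really has `manager` (and, in the other route files, `basic`) middleware. If a property were missing or misspelled, whether `server.post('/bids', undefined, …)` is rejected or the route is registered without its gate depends on how restify treats a non-function handler, which is not visible in this commit. A fail-closed guard as the first statement of the export makes the contract explicit: `if (!auth || typeof auth.manager !== 'function') throw new TypeError('auth.manager middleware is required');`. The same applies to the first hunks of events.js, installs.js, items.js and sales.js; the function body continues outside the hunk.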
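Review bot: In the PUT handler of `routes/bids.js`, `Bid.updateOne({ _id: data._id }, data, …)` still picks the document by the `_id` from the request body and passes the whole body as the update, so the `:bid_id` in the URL plays no part in the lines shown. Unless the lines between the two PUT hunks compare the two ids, the record that is modified can differ from the one named in the path, and request logs or per-route controls keyed on the URL would name the wrong record. Filtering on the path parameter, `Bid.updateOne({ _id: req.params.bid_id }, update, …)`, with `update` built from only the fields a manager may edit, would address both points. The same pattern appears in the `updateOne` hunks of events.js, installs.js and sales.js; the handler starts and ends outside this hunk.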
@@ -2,8 +2,8 @@ const errors = require('restify-errors');
 const Event = require('../models/event');
-module.exports = function(server) {
- server.post('/events', (req, res, next) => {
+module.exports = function (server, auth) {
+ server.post('/events', auth.manager, (req, res, next) => {
 let data = req.body || {};
@@ -20,7 +20,7 @@ module.exports = function(server) {
 });
 });
- server.get('/events', (req, res, next) => {
+ server.get('/events', auth.basic, (req, res, next) => {
 Event.apiQuery(req.params, function(err, docs) {
 if (err) {
 console.error(err);
@@ -34,7 +34,7 @@ module.exports = function(server) {
 });
 });
- server.get('/events/:event_id', (req, res, next) => {
+ server.get('/events/:event_id', auth.basic, (req, res, next) => {
 Event.findOne({ _id: req.params.event_id }, function(err, doc) {
 if (err) {
 console.error(err);
@@ -48,7 +48,7 @@ module.exports = function(server) {
 });
 });
- server.put('/events/:event_id', (req, res, next) => {
+ server.put('/events/:event_id', auth.manager, (req, res, next) => {
 let data = req.body || {};
@@ -70,7 +70,7 @@ module.exports = function(server) {
 );
 }
- Event.update({ _id: data._id }, data, function(err) {
+ Event.updateOne({ _id: data._id }, data, function(err) {
 if (err) {
 console.error(err);
 return next(
@@ -84,7 +84,7 @@ module.exports = function(server) {
 });
 });
- server.del('/events/:event_id', (req, res, next) => {
+ server.del('/events/:event_id', auth.manager, (req, res, next) => {
 Event.deleteOne({ _id: req.params.event_id }, function(err) {
 if (err) {
 console.error(err);
diff --git a/routes/installs.js b/routes/installs.js
index 27ad68e..2750b9c 100644
--- a/routes/installs.js
+++ b/routes/installs.js
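Review bot: `GET /events` and `GET /events/:event_id` in `routes/events.js` are gated by `auth.basic` but, unlike the item routes, load documents through `Event.apiQuery` / `Event.findOne` with no field selection. If the Event model carries any staff-only fields, they would reach every basic caller; the response code is outside both hunks, so this assumes the documents are sent as loaded. Either apply a role-based select as items.js does, e.g. `Event.findOne({ _id: req.params.event_id }, select, …)`, or add a comment on the routes stating that every Event field is intended to be visible to basic users.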
@@ -2,8 +2,8 @@ const errors = require('restify-errors');
 const Install = require('../models/install');
-module.exports = function(server) {
- server.post('/installs', (req, res, next) => {
+module.exports = function (server, auth) {
+ server.post('/installs', auth.basic, (req, res, next) => {
 let data = req.body || {};
@@ -20,7 +20,7 @@ module.exports = function(server) {
 });
 });
- server.get('/installs', (req, res, next) => {
+ server.get('/installs', auth.manager, (req, res, next) => {
 Install.apiQuery(req.params, function(err, docs) {
 if (err) {
 console.error(err);
@@ -34,7 +34,7 @@ module.exports = function(server) {
 });
 });
- server.get('/installs/:install_id', (req, res, next) => {
+ server.get('/installs/:install_id', auth.manager, (req, res, next) => {
 Install.findOne({ _id: req.params.install_id }, function(err, doc) {
 if (err) {
 console.error(err);
@@ -48,7 +48,7 @@ module.exports = function(server) {
 });
 });
- server.put('/installs/:install_id', (req, res, next) => {
+ server.put('/installs/:install_id', auth.manager, (req, res, next) => {
 let data = req.body || {};
@@ -70,7 +70,7 @@ module.exports = function(server) {
 );
 }
- Install.update({ _id: data._id }, data, function(err) {
+ Install.updateOne({ _id: data._id }, data, function(err) {
 if (err) {
 console.error(err);
 return next(
@@ -84,7 +84,7 @@ module.exports = function(server) {
 });
 });
- server.del('/installs/:install_id', (req, res, next) => {
+ server.del('/installs/:install_id', auth.manager, (req, res, next) => {
 Install.deleteOne({ _id: req.params.install_id }, function(err) {
 if (err) {
 console.error(err);
diff --git a/routes/items.js b/routes/items.js
index 71ce493..196874f 100644
--- a/routes/items.js
+++ b/routes/items.js
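Review bot: `POST /installs` is the only write route in this commit gated by `auth.basic` rather than `auth.manager`, and the handler starts from `let data = req.body || {}` with nothing visible that ties the new record to the caller. If that is intentional, the route should say so in a comment such as `// basic users may register an install; all other install routes are manager-only`, and any owner or user field on the record should be taken from the authenticated request rather than accepted from the body. The rest of the handler is outside the hunk, so how `data` is stored is inferred from the sibling routes.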
@@ -4,8 +4,8 @@ const errors = require('restify-errors');
 const Item = require('../models/item');
 const { PUBLIC, STAFF } = require('../strategies/selects/item');
-module.exports = function(server) {
- server.post('/items', (req, res, next) => {
+module.exports = function (server, auth) {
+ server.post('/items', auth.manager, (req, res, next) => {
 const data = req.body || {};
 const item = new Item(data);
@@ -21,7 +21,7 @@ module.exports = function(server) {
 });
 });
- server.get('/items', (req, res, next) => {
+ server.get('/items', auth.basic, (req, res, next) => {
 const select = req.user.isManager ? STAFF : PUBLIC;
 Item.find(req.params, select, function(err, docs) {
@@ -37,7 +37,7 @@ module.exports = function(server) {
 });
 });
- server.get('/items/:item_id', (req, res, next) => {
+ server.get('/items/:item_id', auth.basic, (req, res, next) => {
 const select = req.user.isManager ? STAFF : PUBLIC;
 Item.findOne({ _id: req.params.item_id }, select, function(err, doc) {
@@ -53,7 +53,7 @@ module.exports = function(server) {
 });
 });
- server.put('/items/:item_id', (req, res, next) => {
+ server.put('/items/:item_id', auth.manager, (req, res, next) => {
 let data = req.body || {};
 if (!data._id) {
@@ -88,7 +88,7 @@ module.exports = function(server) {
 });
 });
- server.del('/items/:item_id', (req, res, next) => {
+ server.del('/items/:item_id', auth.manager, (req, res, next) => {
 Item.deleteOne({ _id: req.params.item_id }, function(err) {
 if (err) {
 console.error(err);
diff --git a/routes/sales.js b/routes/sales.js
index 4601386..bc3824d 100644
--- a/routes/sales.js
+++ b/routes/sales.js
@@ -8,8 +8,8 @@ const errors = require('restify-errors');
 */
 const Sale = require('../models/sale');
-module.exports = function(server) {
- server.post('/sales', (req, res, next) => {
+module.exports = function (server, auth) {
+ server.post('/sales', auth.manager, (req, res, next) => {
 let data = req.body || {};
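Review bot: In `GET /items` of `routes/items.js`, `Item.find(req.params, select, …)` uses the caller-supplied parameters as the query filter, on a route that any `auth.basic` user can reach. The `select` projection limits which fields are returned, not which fields can be filtered on, so the PUBLIC/STAFF split does not cover the filter; depending on how the query parser is configured, values may also arrive as nested objects rather than strings. The filter should be built from an allow-list of field names, accepting plain string values only, before it is handed to `Item.find`. The handler body continues outside the hunk.

```javascript
    const select = req.user.isManager ? STAFF : PUBLIC;
    // FILTERABLE_FIELDS is a placeholder: the field names callers may filter on.
    const filter = {};
    for (const field of FILTERABLE_FIELDS) {
      const value = req.params[field];
      // Plain strings only, so nested objects never become part of the query.
      if (typeof value === 'string') {
        filter[field] = value;
      }
    }

    Item.find(filter, select, function(err, docs) {
      // … unchanged: error handling and response …
```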
@@ -26,7 +26,7 @@ module.exports = function(server) {
 });
 });
- server.get('/sales', (req, res, next) => {
+ server.get('/sales', auth.manager, (req, res, next) => {
 Sale.apiQuery(req.params, function(err, docs) {
 if (err) {
 console.error(err);
@@ -40,7 +40,7 @@ module.exports = function(server) {
 });
 });
- server.get('/sales/:sale_id', (req, res, next) => {
+ server.get('/sales/:sale_id', auth.manager, (req, res, next) => {
 Sale.findOne({ _id: req.params.sale_id }, function(err, doc) {
 if (err) {
 console.error(err);
@@ -54,7 +54,7 @@ module.exports = function(server) {
 });
 });
- server.put('/sales/:sale_id', (req, res, next) => {
+ server.put('/sales/:sale_id', auth.manager, (req, res, next) => {
 let data = req.body || {};
@@ -76,7 +76,7 @@ module.exports = function(server) {
 );
 }
- Sale.update({ _id: data._id }, data, function(err) {
+ Sale.updateOne({ _id: data._id }, data, function(err) {
 if (err) {
 console.error(err);
 return next(
@@ -90,7 +90,7 @@ module.exports = function(server) {
 });
 });
- server.del('/sales/:sale_id', (req, res, next) => {
+ server.del('/sales/:sale_id', auth.manager, (req, res, next) => {
 Sale.deleteOne({ _id: req.params.sale_id }, function(err) {
 if (err) {
 console.error(err);