- Updating routes with security

routes/bids.js

@@ -2,8 +2,8 @@ const errors = require('restify-errors');
 
 const Bid = require('../models/bid');
 
-module.exports = function(server) {
-	server.post('/bids', (req, res, next) => {
+module.exports = function (server, auth) {
+	server.post('/bids', auth.manager, (req, res, next) => {
 
 		let data = req.body || {};
 
@@ -20,7 +20,7 @@ module.exports = function(server) {
 		});
 	});
 
-	server.get('/bids', (req, res, next) => {
+	server.get('/bids', auth.manager, (req, res, next) => {
 		Bid.apiQuery(req.params, function(err, docs) {
 			if (err) {
 				console.error(err);
@@ -34,7 +34,7 @@ module.exports = function(server) {
 		});
 	});
 
-	server.get('/bids/:bid_id', (req, res, next) => {
+	server.get('/bids/:bid_id', auth.manager, (req, res, next) => {
 		Bid.findOne({ _id: req.params.bid_id }, function(err, doc) {
 			if (err) {
 				console.error(err);
@@ -48,8 +48,7 @@ module.exports = function(server) {
 		});
 	});
 
-	server.put('/bids/:bid_id', (req, res, next) => {
-
+	server.put('/bids/:bid_id', auth.manager, (req, res, next) => {
 		let data = req.body || {};
 
 		if (!data._id) {
@@ -70,7 +69,7 @@ module.exports = function(server) {
 				);
 			}
 
-			Bid.update({ _id: data._id }, data, function(err) {
+			Bid.updateOne({ _id: data._id }, data, function(err) {
 				if (err) {
 					console.error(err);
 					return next(
@@ -84,7 +83,7 @@ module.exports = function(server) {
 		});
 	});
 
-	server.del('/bids/:bid_id', (req, res, next) => {
+	server.del('/bids/:bid_id', auth.manager, (req, res, next) => {
 		Bid.deleteOne({ _id: req.params.bid_id }, function(err) {
 			if (err) {
 				console.error(err);