mifi/Eventment-API
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- Updating routes with security

Browse Source
This commit is contained in:
Mike Fitzpatrick
2019-07-04 16:45:49 -04:00
parent dd3552dee4
commit 6d5d238d34
5 changed files with 34 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
routes/items.js
View File

@@ -4,8 +4,8 @@ const errors = require('restify-errors');
const Item = require('../models/item');
const { PUBLIC, STAFF } = require('../strategies/selects/item');
module.exports = function(server) {
server.post('/items', (req, res, next) => {
module.exports = function (server, auth) {
server.post('/items', auth.manager, (req, res, next) => {
const data = req.body || {};
const item = new Item(data);
@@ -21,7 +21,7 @@ module.exports = function(server) {
});
});
server.get('/items', (req, res, next) => {
server.get('/items', auth.basic, (req, res, next) => {
const select = req.user.isManager ? STAFF : PUBLIC;
Item.find(req.params, select, function(err, docs) {
@@ -37,7 +37,7 @@ module.exports = function(server) {
});
});
server.get('/items/:item_id', (req, res, next) => {
server.get('/items/:item_id', auth.basic, (req, res, next) => {
const select = req.user.isManager ? STAFF : PUBLIC;
Item.findOne({ _id: req.params.item_id }, select, function(err, doc) {
@@ -53,7 +53,7 @@ module.exports = function(server) {
});
});
server.put('/items/:item_id', (req, res, next) => {
server.put('/items/:item_id', auth.manager, (req, res, next) => {
let data = req.body || {};
if (!data._id) {
@@ -88,7 +88,7 @@ module.exports = function(server) {
});
});
server.del('/items/:item_id', (req, res, next) => {
server.del('/items/:item_id', auth.manager, (req, res, next) => {
Item.deleteOne({ _id: req.params.item_id }, function(err) {
if (err) {
console.error(err);