Feat: implement new role for admin #122

Merged
merged 5 commits into from
Sep 15, 2024
SasinduNanayakkara
Contributor

No description provided.

vercel bot commented Sep 1, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment
| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| bashaway-backend | ⬜️ Ignored (Inspect) | Visit Preview | | Sep 15, 2024 11:33am |

@SasinduNanayakkara SasinduNanayakkara linked an issue Sep 1, 2024 that may be closed by this pull request
@ThulinaWickramasinghe ThulinaWickramasinghe marked this pull request as draft September 1, 2024 17:16

export const externalPartyProtect = asyncHandler((req) => {
if (req.headers['x-api-key'] === process.env.API_ACCESS_KEY) return;
if (req.user.role !== 'SPECTATOR') throw new createError(403, 'You are not permitted to access this resource');
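
Review bot: In `externalPartyProtect`, the first line compares `req.headers['x-api-key']` to `process.env.API_ACCESS_KEY` with `===`; if the environment variable is unset and the request carries no `x-api-key` header, both sides are `undefined` and the guard returns early for a caller who presented nothing. Require a non-empty configured key before comparing, and prefer `crypto.timingSafeEqual` over `===` for the secret. The second line also dereferences `req.user.role` without checking that `req.user` is set, so a request without a user would raise a TypeError instead of the intended 403.
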
Member

If this is used along with adminProtect, neither of them will allow the call to go through, since each checks for a different role. Can we refactor this into a function like roleProtect which takes in a list of accepted roles and checks accordingly?

@@ -45,7 +45,7 @@ const UserSchema = new mongoose.Schema(
},
role: {
type: String,
enum: ['ADMIN', 'GROUP'],
enum: ['ADMIN', 'GROUP', 'SPECTATOR'],
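
Review bot: The `role` enum now has three values, so any existing authorization check written as a negation (for example `role !== 'GROUP'`) would start admitting `SPECTATOR` accounts. The hunk only shows the enum change, so before merging, search for comparisons against `role` elsewhere in the code base and convert them to explicit allow-lists.
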
Member

Can we move this into an enum-like object and use it here with Object.Values()?

@@ -3,7 +3,8 @@ import { genders, mealPreferences } from '@/models/user';

export const addUserSchema = {
name: Joi.string().required(),
email: Joi.string().email().required()
email: Joi.string().email().required(),
role: Joi.string().valid('ADMIN', 'SPECTATOR').required()
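
Review bot: `role` is added to `addUserSchema` as `.required()`, so callers that still send only `name` and `email` will now fail validation; if that break is intended, state it in the PR description, which is currently empty. The `.valid('ADMIN', 'SPECTATOR')` list is also a second hand-typed copy of the role names in the model enum and can drift from it.
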
Member

Like in the model, can we move this into an enum-like object and use it here with Object.Values()?
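
The `roleProtect` refactor and the enum-like role object suggested in the review comments above, as an added sketch (not code from this pull request or the project). `Roles`, `HttpError`, `apiKeyMatches`, `check`, the `allowApiKey` option and the `next(err)` style are assumptions; only the role names, the `x-api-key` header and `API_ACCESS_KEY` come from the diff.

```javascript
// Added example, not the project's code. Assumed names: Roles, HttpError,
// apiKeyMatches, roleProtect's options, check.
const crypto = require('node:crypto');

// Single source of truth for role names; Object.values(Roles) can feed the
// Mongoose enum and the Joi .valid(...) list.
const Roles = Object.freeze({ ADMIN: 'ADMIN', GROUP: 'GROUP', SPECTATOR: 'SPECTATOR' });

class HttpError extends Error {
  constructor(status, message) {
    super(message);
    this.status = status;
  }
}

// True only when a key is configured and the presented header matches it.
function apiKeyMatches(presented, expected = process.env.API_ACCESS_KEY) {
  if (typeof presented !== 'string' || typeof expected !== 'string' || expected === '') return false;
  // Hash both sides so timingSafeEqual always receives equal-length buffers.
  const a = crypto.createHash('sha256').update(presented).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Express-style guard: one allow-list per route instead of chained guards.
function roleProtect(allowed, { allowApiKey = false } = {}) {
  const unknown = allowed.filter((r) => !Object.values(Roles).includes(r));
  if (unknown.length) throw new TypeError(`Unknown role(s): ${unknown.join(', ')}`);
  return (req, _res, next) => {
    if (allowApiKey && apiKeyMatches(req.headers['x-api-key'])) return next();
    if (!req.user) return next(new HttpError(401, 'Authentication required'));
    if (!allowed.includes(req.user.role)) {
      return next(new HttpError(403, 'You are not permitted to access this resource'));
    }
    return next();
  };
}

// Demo helper: run a guard and report the status it yields (200 = passed).
function check(guard, req) {
  let status = 200;
  guard({ headers: {}, ...req }, {}, (err) => { if (err) status = err.status; });
  return status;
}

// Read routes admit both roles; write routes admit ADMIN only.
const readUsers = roleProtect([Roles.ADMIN, Roles.SPECTATOR], { allowApiKey: true });
const writeUsers = roleProtect([Roles.ADMIN]);
```
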

@@ -15,7 +15,7 @@ router.use('/auth', authRouter);
router.use('/submissions', protect, submissionRouter);
router.use('/users', protect, userRouter);
router.use('/questions', protect, questionRouter);
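
Review bot: `/submissions`, `/users` and `/questions` are mounted here with `protect` only, so keeping SPECTATOR read-only depends on every write route in each sub-router carrying its own role guard. Consider enforcing it once at this level, for example with a middleware after `protect` that rejects non-GET methods for SPECTATOR, so a route added later cannot miss the check.
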
Member

Question create/update will have to be restricted as well for role SPECTATOR.

@@ -15,7 +15,7 @@ router.use('/auth', authRouter);
router.use('/submissions', protect, submissionRouter);
Member

Submission grade will have to be restricted as well for role SPECTATOR.

@@ -14,7 +14,7 @@ import {
const users = express.Router();

users.post('/', adminProtect, celebrate({ [Segments.BODY]: addUserSchema }), tracedAsyncHandler(create));
users.get('/', adminProtect, tracedAsyncHandler(getAll));
users.get('/', externalPartyProtect, adminProtect, tracedAsyncHandler(getAll));
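
Review bot: On the new `users.get('/')` line, `externalPartyProtect` runs before `adminProtect` and, as defined in this PR, throws 403 for any role other than `SPECTATOR` unless the API key header matches, so an ADMIN session is rejected before `adminProtect` is reached, and a SPECTATOR that passes the first guard still has to pass `adminProtect`. Replace the chain with a single guard that takes the accepted roles for the route.
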
Member

Somewhere below there's a user update route as well; I guess that needs restriction as well.

Base automatically changed from development to main September 14, 2024 05:06
@Akalanka47000 Akalanka47000 changed the base branch from main to development September 14, 2024 06:00
@Akalanka47000 Akalanka47000 marked this pull request as ready for review September 15, 2024 11:36
@Akalanka47000 Akalanka47000 merged commit 297716d into development Sep 15, 2024
5 checks passed
@Akalanka47000 Akalanka47000 deleted the feature/spectator branch September 15, 2024 11:36
Successfully merging this pull request may close these issues.

Implement Admin Role with Read-Only Permissions