Current to Part 12

app/routes/user.js

@@ -1,6 +1,7 @@
 var bodyParser = require('body-parser');
 var jwt = require('jsonwebtoken');
 var User = require('../models/user');
+var _ = require('underscore');
 
 var superSecret = 'TheAmazingKreskin';
 
@@ -23,7 +24,8 @@ module.exports = function (app, express) {
                     var token = jwt.sign({
                         name: user.name,
                         email: user.email,
-                        _id: user._id
+                        _id: user._id,
+                        permissions: user.permissions
                     }, superSecret, {
                         expiresInMinutes: 1440
                     });
@@ -116,10 +118,14 @@ module.exports = function (app, express) {
             });
         })
         .delete(function (req, res) {
-            User.remove({_id: req.params.user_id}, function (err, user) {
-                if (err) res.send(err);
-                res.json({});
-            })
+            if (_.contains(req.decoded.permissions, 'admin')){
+                User.remove({_id: req.params.user_id}, function (err, user) {
+                    if (err) res.send(err);
+                    res.json({});
+                })
+            } else {
+                return res.status(403).send({success: false, message: 'User is not authorized to delete users'});
+            }
         });
 
     return userRouter;

bower.json

@@ -26,7 +26,8 @@
     "datatables": "~1.10.5",
     "datatables-bootstrap3-plugin": "~0.3.0",
     "backbone.bootstrap-modal": "~0.9.0",
-    "backbone.stickit": "~0.8.0"
+    "backbone.stickit": "~0.8.0",
+    "toastr": "~2.1.0"
   },
   "resolutions": {
     "jquery": ">= 1.9.1"

package.json

@@ -14,6 +14,7 @@
     "express": "^4.11.2",
     "jsonwebtoken": "^3.2.2",
     "mongoose": "^3.8.23",
-    "morgan": "^1.5.1"
+    "morgan": "^1.5.1",
+    "underscore": "^1.8.2"
   }
 }

public/app/app.js

@@ -4,6 +4,7 @@ define(function (require) {
 
     var globals = require('globals');
     var mediator = require('mediator');
+    var Permissions = require('permissions');
 
     function _authenticated(response) {
         window.localStorage.setItem(globals.auth.TOKEN_KEY, response.token);
@@ -30,6 +31,7 @@ define(function (require) {
     var User = require('users/model');
     var _user;
     var _applicationInfo;
+    var _permissions;
 
     function _initialize() {
         var d = $.Deferred();
@@ -53,6 +55,7 @@ define(function (require) {
             _user = new User({_id: window.localStorage.getItem(globals.auth.USER_KEY)});
             _user.fetch().success(function () {
                 mediator.trigger('page:updateUserInfo');
+                _permissions = new Permissions(_user.get('permissions'));
                 d.resolve();
             });
         } else {
@@ -69,11 +72,15 @@ define(function (require) {
         return _user || new User();
     }
 
+    function _getPermissions() {
+        return _permissions;
+    }
     return {
         isAuthenticated: _isAuthenticated,
         initialize: _initialize,
         initializeUser: _initializeUser,
         getApplicationInfo: _getApplicationInfo,
-        getUser: _getUser
+        getUser: _getUser,
+        getPermissions: _getPermissions
     }
 });

public/app/main.js

@@ -3,6 +3,7 @@ define(function (require) {
     var globals = require('globals');
     var Router = require('router');
     var mediator = require('mediator');
+    var toastr = require('toastr');
 
     _.extend(Backbone.View.prototype, {
         // Handle cleanup of view.
@@ -39,6 +40,29 @@ define(function (require) {
         statusCode: {
             401: function (context) {
                 mediator.trigger('router:navigate', {route: 'login', options: {trigger: true}});
+            },
+
+            403: function(context){
+                console.log('message', context.responseJSON.message);
+                toastr.options = {
+                    "closeButton": false,
+                    "debug": false,
+                    "newestOnTop": false,
+                    "progressBar": false,
+                    "positionClass": "toast-top-center",
+                    "preventDuplicates": false,
+                    "onclick": null,
+                    "showDuration": "300",
+                    "hideDuration": "1000",
+                    "timeOut": "5000",
+                    "extendedTimeOut": "1000",
+                    "showEasing": "swing",
+                    "hideEasing": "linear",
+                    "showMethod": "fadeIn",
+                    "hideMethod": "fadeOut"
+                };
+
+                toastr["error"](context.responseJSON.message);
             }
         },
         beforeSend: function (xhr) {

public/app/permissions.js

@@ -0,0 +1,13 @@
+define(function (require) {
+
+    'use strict';
+
+    var _ = require('underscore');
+
+    return function(permissions){
+        this.isAdmin = function(){
+            return _.contains(permissions, 'admin');
+        };
+    }
+
+});

public/app/users/list.hbs

@@ -17,7 +17,7 @@
             <td>
                 <div class="pull-right">
                     <button data-id="{{_id}}" class="btn btn-danger btn-sm js-deleteUser">Delete</button>
-                    <button data-id="{{_id}}" class="btn btn-success btn-sm js-editUser">Edit</button>
+                    {{#if ../admin}}<button data-id="{{_id}}" class="btn btn-success btn-sm js-editUser">Edit</button>{{/if}}
                 </div>
             </td>
         </tr>

public/app/users/listView.js

@@ -4,6 +4,7 @@ define(function (require) {
     var Backbone = require('backbone');
     var mediator = require('mediator');
     var template = require('hbs!users/list');
+    var app = require('app');
 
     var SingleView = require('users/singleView');
     require('bootstrap-modal');
@@ -24,7 +25,7 @@ define(function (require) {
         },
 
         render: function () {
-            this.$el.html(template({users: this.collection.toJSON()}));
+            this.$el.html(template({users: this.collection.toJSON(), admin: app.getPermissions().isAdmin() }));
             this.$('table').DataTable({
                 "aoColumns": [
                     null,
@@ -46,8 +47,8 @@ define(function (require) {
         deleteUser: function(e){
             var self = this;
             var id = $(e.currentTarget).attr('data-id');
-            var user = this.collection.get(id)
-            user.destroy().done(function(){
+            var user = this.collection.get(id);
+            user.destroy({wait: true}).done(function(){
                 self.collection.remove(user);
                 self.render();
             });

public/index.html

@@ -8,6 +8,7 @@
     <link rel="stylesheet" href="components/font-awesome/css/font-awesome.css">
     <link rel="stylesheet" href="components/datatables-bootstrap3-plugin/media/css/datatables-bootstrap3.css">
     <link rel="stylesheet" href="assets/css/style.css">
+    <link rel="stylesheet" href="components/toastr/toastr.css">
 
     <script src="components/requirejs/require.js" data-main="require-main.js"></script>
 </head>

public/require-main.js

@@ -12,7 +12,8 @@ requirejs.config({
         "datatables-bootstrap3": "../components/datatables-bootstrap3-plugin/media/js/datatables-bootstrap3",
         "bootstrap-modal": "../components/bootstrap/js/modal",
         "backbone.bootstrap-modal": "../components/backbone.bootstrap-modal/src/backbone.bootstrap-modal",
-        "stickit" : "../components/backbone.stickit/backbone.stickit"
+        "stickit" : "../components/backbone.stickit/backbone.stickit",
+        "toastr" : "../components/toastr/toastr"
     }
 });