#166265850 Implements role based functionality #31
server/controllers/userController.js
Outdated
| if(!user) return util.errorStatus(res, 401, 'Not authorized'); | ||
| if(user['role'] !== 'admin'){ | ||
| return util.errorStatus(res, 401, 'Not authorized'); | ||
| } else { |
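Review bot: Both branches return 401, but the second case is a known, authenticated user whose role is wrong, which is 403 Forbidden; 401 is for requests that could not be authenticated at all. The literal comparison `user['role'] !== 'admin'` also rejects a super_admin (a role the PR relies on elsewhere) unless that case is handled somewhere else, so compare against the set of roles allowed for the route rather than one literal, and drop the `else` after the `return` as the linter says.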
Unnecessary 'else' after 'return' no-else-return
@encodedBicoding Fix all your hound issues and coverage
server/db/models/user.js
Outdated
| allowNull: true | ||
| }, | ||
| role: { | ||
| type: DataTypes.ENUM('admin', 'user'), |
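Review bot: ENUM('admin', 'user') is inconsistent with the super_admin role that the seed and the assignUserRole check depend on; on a database that enforces the enum, seeding a super_admin fails at insert time. Add 'super_admin' to the enum and give the column `defaultValue: 'user'` so a normal signup never has to set the role itself.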
I can see you defined two roles while you use three. Where was "super_admin" defined?
| profilePic: null | ||
| }, | ||
| { | ||
| firstName: process.env.SUPER_ADMIN_FIRSTNAME, |
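Review bot: A first name is not a secret, so reading it from SUPER_ADMIN_FIRSTNAME protects nothing. The value for a seeded super admin that must stay out of the repository and the seed file is its password, and that should be hashed through the same path a normal signup uses; whether the seed does so is not visible in this hunk.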
Why is this coming from the environment variable?
To protect data?
I doubt it matters for seeded users
server/controllers/userController.js
Outdated
| } | ||
| } | ||
|
|
||
| // static async checkUserRole(req, res, next) { |
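Review bot: A commented-out checkUserRole is dead code that no test exercises and no route is protected by; either mount it on the routes it is meant to guard in this PR or delete it. Leaving it for someone to uncomment later means the protection is off until they remember.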
Remove unused comments
Please format your code well and also add a few line spaces to make them readable.
server/controllers/userController.js
Outdated
| return util.successStatus(res, 200, 'Password reset successfully'); | ||
| } | ||
| static async assignUserRole(req, res) { | ||
| const { id } = req.user ? req.user : req.query; |
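Review bot: `req.user ? req.user : req.query` lets an unauthenticated request choose whose id is used: the check that follows loads the user by that id and trusts its role, so a caller who knows or guesses a super admin's id can pass `?id=` and act as them. Take the id only from req.user as set by the authentication middleware, and return 401 when it is absent.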
Where is this coming from?
User id should never come from a query in this case; the token used for the request is a better option, to prevent using other users' details to make changes.
Ok, noted
server/controllers/userController.js
Outdated
| if( !id ) { return util.errorStatus(res, 401, 'Not Authorized'); } | ||
| try { | ||
| const superAdmin = await models.Users.findByPk(id); | ||
| if(!superAdmin || superAdmin.role !== 'super_admin') { return util.errorStatus(res, 401, 'Not Authorized'); } |
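Review bot: Re-reading the role from the database instead of trusting a claim in the token is the right call, since a demotion takes effect on the next request; but a user that is found with the wrong role should get 403, not 401, and as the reviewers say this check belongs in a reusable middleware (something like requireRole('super_admin')) rather than inline in each handler.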
I think the Authorization should be done in a separate file, to avoid repetition.
+1
148006c to 4ac70aa
server/__test__/user.spec.js
Outdated
| .set('Authorization', 'bearer kjjodndsfj94mkfdsif0dfdsfmosj') | ||
| .send({email: 'john.doe@test.com', role: 'admin'}) | ||
| .end((err, res) => { | ||
| console.log(res.body) |
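Review bot: Beyond the console.log, the `.end` callback should assert on `res.status` for this made-up bearer token (it is expected to be rejected with 401) rather than print the body; a test that logs and does not assert passes whatever the route does.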
Unexpected console statement no-console
server/__test__/user.spec.js
Outdated
| .set('Authorization', `bearer ${superAdminToken}`) | ||
| .send({email: 'john.doe@test.com', role: 'admin'}) | ||
| .end((err, res) => { | ||
| console.log(res.body) |
Unexpected console statement no-console
4ac70aa to 9d327da
| const token = req.headers.authorization.split(' ')[1]; | ||
| let token = req.headers.authorization; | ||
| if(token.startsWith('bearer ')) { | ||
| token = req.headers.authorization.split(' ')[1] |
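Review bot: `token.startsWith('bearer ')` is case-sensitive, but the scheme name in `Authorization: Bearer <token>` is case-insensitive per RFC 6750 and most clients send `Bearer`, so a correctly formed header is passed on with the prefix still attached and then fails verification. Also, when the header is absent `req.headers.authorization` is undefined and `.startsWith` throws, turning a missing token into a 500 instead of a 401. Check that the header exists first and match the scheme case-insensitively, e.g. `/^Bearer\s+(\S+)$/i`.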
Use array destructuring prefer-destructuring
server/controllers/userController.js
Outdated
| } | ||
|
|
||
| static async assignUserRole(req, res) { | ||
| let token = req.headers.authorization ? req.headers.authorization : req.query.token; |
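Review bot: Accepting the token from `req.query.token` puts a bearer credential into the URL, where it lands in access logs, proxy logs, browser history and Referer headers; RFC 6750 permits the query parameter only as a last resort and this API has no need for it. The existing authenticator middleware already reads the header, so use it and drop the query fallback, here and in the duplicate of this line further down.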
A middleware already exists for this
+1
server/middleware/authenticator.js
Outdated
|
|
||
| const token = req.headers.authorization.split(' ')[1]; | ||
| let token = req.headers.authorization; | ||
| if(token.startsWith('bearer ')) { |
@encodedBicoding please, what is the reason for this line?
The token is a string that starts with bearer, or doesn't. The way you implemented it before, it just splits the main token, but that line checks first if there is "bearer" before the main token before splitting.
Well, I think that the if block is not necessary since the split token still gets verified in the try block that follows.
I think I understand what @encodedBicoding is trying to do. He's making a provision to just insert the token without appending the word Bearer. I think it's a good idea to take away the stress of always appending that bearer word but I don't know if it's standard. Maybe I'll look it up after demo today.
server/controllers/userController.js
Outdated
| } | ||
|
|
||
| static async assignUserRole(req, res) { | ||
| let token = req.headers.authorization ? req.headers.authorization : req.query.token; |
+1
9d327da to 133b7a3
| const { email_confirm_code, email } = user; | ||
|
|
||
|
|
||
| if (email_confirm_code === null) return util.errorStatus(res, 403, 'Email already verified'); |
Identifier 'email_confirm_code' is not in camel case camelcase
| }, | ||
| role: { | ||
| type: DataTypes.STRING, | ||
| allowNull: false |
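Review bot: Moving from ENUM to STRING removes the only constraint on the value; add `validate: { isIn: [['user', 'admin', 'super_admin']] }` and `defaultValue: 'user'` so the model, not each caller, decides what a role can be. And since the thread says the role is also set during signup, make sure that path assigns 'user' server-side and ignores any `role` field in the request body, otherwise signup becomes a self-promotion route.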
You can also set a default value so it doesn't have to be stated every time
True, the default value should be user. But it is also set during signup. I just thought to leave it like that.
server/docs/hellobooks_api_doc.yaml
Outdated
| tags: | ||
| - Users | ||
| summary: Assign role to users | ||
| description: Authenticate by user role before they can perform certain actions |
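Review bot: The description says "Authenticate by user role", but this endpoint authorizes by role; authentication is the bearer token. As the reviewer notes, the path needs a `security:` entry referencing a bearer scheme (declared under `components/securitySchemes` in OpenAPI 3, or `securityDefinitions` in Swagger 2), and the 401 and 403 responses for the missing-token and wrong-role cases should be documented with it.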
Something doesn't seem right here... Since it is a secured route, I expected to see the required security added
Will sort that after DEMO today.
setup role based functionality [(Finishes) #166265850]
133b7a3 to f4a0595
What does this PR do?
Implements role-based functionality.
This creates a new super admin and also creates a route that will enable the super admin to assign roles to other users.
This also creates a middleware which can be added to protect routes from unauthorized users.
Description of Task to be completed?
N/A
How should this be manually tested?
N/A
Any background context you want to provide?
The middleware used to check if a user is an admin or a regular user before they can access a certain feature has been commented out. Please uncomment it only when you want to use it.
What are the relevant pivotal tracker stories?
#166265850
Screenshots (if appropriate)
Questions:
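The two recurring points in this review, how the bearer token is taken from the request and how the role check should live in one reusable middleware with 401 and 403 kept apart, as an added example that is not the PR's or the project's code. It is written in the (req, res, next) shape Express uses but without Express, so it runs stand-alone under node; it assumes an authenticator middleware has already verified the token and set `req.user = { id, role }`, uses the three role names the PR uses, and the sample users, the `runChain` scaffolding and the `assignAs` helper are constructed for the demonstration.

```javascript
// Added example, not the PR's code. Role-based authorization in the
// (req, res, next) middleware shape Express uses, written without Express
// so it runs stand-alone under node. Assumption: an authenticator middleware
// has already verified the bearer token and set req.user = { id, role }.

const ROLE_RANK = { user: 1, admin: 2, super_admin: 3 };

// RFC 6750 bearer credentials. The scheme name is case-insensitive, so
// "Bearer x" and "bearer x" both carry the token "x"; the token is read only
// from the Authorization header, never from ?token= (query strings end up in
// access logs, browser history and Referer headers). A missing header gives
// null instead of a TypeError from calling .startsWith on undefined.
function extractBearerToken(headers) {
  const header = headers && headers.authorization;
  if (typeof header !== 'string') return null;
  const m = /^Bearer +(\S+)$/i.exec(header.trim());
  return m ? m[1] : null;
}

// requireRole('admin') admits admin and super_admin; requireRole('super_admin')
// admits only super_admin. 401 means "not authenticated", 403 means
// "authenticated but not allowed"; the PR answers 401 to both.
function requireRole(minRole) {
  if (!(minRole in ROLE_RANK)) throw new Error(`unknown role: ${minRole}`);
  return (req, res, next) => {
    if (!req.user || !req.user.id) {
      return res.status(401).json({ status: 401, error: 'Not authorized' });
    }
    if ((ROLE_RANK[req.user.role] || 0) < ROLE_RANK[minRole]) {
      return res.status(403).json({ status: 403, error: 'Forbidden' });
    }
    return next();
  };
}

// Role assignment. The actor is req.user (from the verified token), the target
// is named in the body, and anything in req.query is ignored. Only user/admin
// can be granted, so super_admin stays the seeded account, and an actor can
// never grant a role above their own even if the route is mounted behind a
// weaker requireRole.
const ASSIGNABLE = ['user', 'admin'];
function assignUserRole(users) {
  return (req, res) => {
    const { email, role } = req.body || {};
    const actorRank = ROLE_RANK[req.user && req.user.role] || 0;
    if (!ASSIGNABLE.includes(role) || ROLE_RANK[role] > actorRank) {
      return res.status(400).json({ status: 400, error: 'Invalid role' });
    }
    const target = users.find((u) => u.email === email);
    if (!target) return res.status(404).json({ status: 404, error: 'User not found' });
    target.role = role;
    return res.status(200).json({ status: 200, message: `${email} is now ${role}` });
  };
}

// Minimal stand-in for Express' res object and its middleware chain
// (constructed scaffolding so the example runs without a server).
function runChain(handlers, req) {
  const res = {
    statusCode: null,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; return this; },
  };
  let i = 0;
  const next = () => { const h = handlers[i++]; if (h) h(req, res, next); };
  next();
  return res;
}

// Constructed sample users (not from the project); a fresh copy per request.
function sampleUsers() {
  return [
    { id: 1, email: 'root@example.test', role: 'super_admin' },
    { id: 2, email: 'john.doe@example.test', role: 'user' },
  ];
}

// One request against the role-assignment route: the super admin succeeds,
// a plain user is refused with 403, and an unauthenticated caller who tries
// to pick the super admin's id through the query string gets 401.
function assignAs(user, query) {
  const users = sampleUsers();
  const route = [requireRole('super_admin'), assignUserRole(users)];
  const req = { user, query, body: { email: 'john.doe@example.test', role: 'admin' } };
  const res = runChain(route, req);
  return { status: res.statusCode, body: res.body, targetRole: users[1].role };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(assignAs({ id: 1, role: 'super_admin' }));
  console.log(assignAs({ id: 2, role: 'user' }));
  console.log(assignAs(undefined, { id: 1 }));
}
```

The route is `[requireRole('super_admin'), assignUserRole(users)]`, so the controller never repeats the role check and never looks at `req.query`; the authenticator that populates `req.user` is the only place a token is parsed, using `extractBearerToken` on the header alone.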