feat: set kader access for user endpoint (#68)

* feat: set kader access for user endpoint * feat: set new auth middleware logic
fathoor · Feb 4, 2024 · be2a753 · be2a753
1 parent 030f29e
commit be2a753
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 8 deletions.
diff --git a/core/middleware/authentication.go b/core/middleware/authentication.go
@@ -22,12 +22,33 @@ func Authenticate(role string) func(*fiber.Ctx) error {
 			claims := c.Locals("user").(*jwt.Token).Claims.(jwt.MapClaims)
 			user := claims["role"].(string)
 
-			if user == "admin" || user == role || role == "public" {
+			switch role {
+			case "public":
 				return c.Next()
-			} else {
-				panic(exception.ForbiddenError{
-					Message: "Restricted access!",
-				})
+			case "kader":
+				if user == "kader" || user == "bidan" || user == "admin" {
+					return c.Next()
+				} else {
+					panic(exception.ForbiddenError{
+						Message: "Restricted access!",
+					})
+				}
+			case "bidan":
+				if user == "bidan" || user == "admin" {
+					return c.Next()
+				} else {
+					panic(exception.ForbiddenError{
+						Message: "Restricted access!",
+					})
+				}
+			default:
+				if user == role || user == "admin" {
+					return c.Next()
+				} else {
+					panic(exception.ForbiddenError{
+						Message: "Restricted access!",
+					})
+				}
 			}
 		},
 

diff --git a/core/middleware/authorization.go b/core/middleware/authorization.go
@@ -60,6 +60,33 @@ func AuthorizeAdminOrBidan() func(*fiber.Ctx) error {
 	}
 }
 
+func AuthorizeAdminBidanOrKader() func(*fiber.Ctx) error {
+	return func(c *fiber.Ctx) error {
+		id, err := c.ParamsInt("id")
+		if err != nil {
+			panic(exception.BadRequestError{
+				Message: "Invalid parameter",
+			})
+		}
+
+		claims := c.Locals("user").(*jwt.Token).Claims.(jwt.MapClaims)
+		role := claims["role"].(string)
+		user := int(claims["id"].(float64))
+
+		if role == "admin" || role == "bidan" || role == "kader" {
+			return c.Next()
+		}
+
+		if user == id {
+			return c.Next()
+		} else {
+			panic(exception.UnauthorizedError{
+				Message: "Unauthorized access!",
+			})
+		}
+	}
+}
+
 func AuthorizeRole() func(*fiber.Ctx) error {
 	return func(c *fiber.Ctx) error {
 		role := c.Params("role")

diff --git a/module/user/controller/user_controller_impl.go b/module/user/controller/user_controller_impl.go
@@ -18,10 +18,10 @@ func (controller *userControllerImpl) Route(app *fiber.App) {
 	auth.Post("/login", controller.Login)
 
 	user := app.Group("/v1/user", middleware.Authenticate("public"))
-	user.Post("/register", middleware.Authenticate("bidan"), controller.Register)
-	user.Get("/", middleware.Authenticate("bidan"), controller.GetAll)
+	user.Post("/register", middleware.Authenticate("kader"), controller.Register)
+	user.Get("/", middleware.Authenticate("kader"), controller.GetAll)
 	user.Get("/role/:role", middleware.AuthorizeRole(), controller.GetByRole)
-	user.Get("/:id", middleware.AuthorizeAdminOrBidan(), controller.GetByID)
+	user.Get("/:id", middleware.AuthorizeAdminBidanOrKader(), controller.GetByID)
 	user.Put("/:id", middleware.AuthorizeAdminOrBidan(), controller.Update)
 	user.Put("/:id/auth", middleware.AuthorizeUser(), controller.UpdateAuth)
 	user.Delete("/:id", middleware.Authenticate("bidan"), controller.Delete)