One shot of admin and staff middlewares - hope so

89afdc13 · Fabien Zucchet · 4a05948a · 89afdc13 · 89afdc13 · 89afdc13
Commit 89afdc13 authored 4 years ago by Fabien Zucchet
--- a/back/src/controllers/administrateur.controller.js
+++ b/back/src/controllers/administrateur.controller.js
@@ -157,4 +157,13 @@ async function getUsersPerformance(req, res) {
  }
 }

-module.exports = { getAdministrateurs, addNewAdministrateur, updateAdministrateur, deleteAdministrateur, getAdminsLogins, getUsers }
+function isAdminMiddleware(req, res, next) {
+  const login = req.session.ids.user.login || '';
+  const admins = getAdminsLogins();
+  if (admins.includes(login)) {
+    return next();
+  }
+  res.status(403).send('You have no right to request this url');
+}
+
+module.exports = { getAdministrateurs, addNewAdministrateur, updateAdministrateur, deleteAdministrateur, getAdminsLogins, getUsers, isAdminMiddleware }
--- a/back/src/controllers/auth.controller.js
+++ b/back/src/controllers/auth.controller.js
--- a/back/src/controllers/staffeurs.controller.js
+++ b/back/src/controllers/staffeurs.controller.js
@@ -72,4 +72,13 @@ function getStaffeursLogins(req, res) {
  con.end();
 }

-module.exports = { getStaffeurs, addNewStaffeur, deleteStaffeur, getStaffeursLogins }
+function isStaffMiddleware(req, res, next) {
+  const login = req.session.ids.user.login || '';
+  const staffs = getStaffLogins();
+  if (staffs.includes(login)) {
+    return next();
+  }
+  res.status(403).send('You have no right to request this url');
+}
+
+module.exports = { getStaffeurs, addNewStaffeur, deleteStaffeur, getStaffeursLogins, isStaffMiddleware }
--- a/back/src/index.js
+++ b/back/src/index.js
@@ -4,7 +4,10 @@ var cookieParser = require('cookie-parser');

 var apiRouter = require('./routes/api');
 var apiAdminRouter = require('./routes/apiAdmin');
+var apiStaffRouter = require('./routes/apiStaff');
 var oauth = require('./controllers/auth.controller');
+var admin = require('./controllers/administrateur.controller');
+var staff = require('./controllers/staffeurs.controller');

 var app = express();

@@ -15,7 +18,8 @@ app.use(express.json());
 app.use(express.urlencoded({ extended: false }));

 app.use('/api', apiRouter);
-app.use('/api/admin', oauth.authMiddleware, apiAdminRouter);
+app.use('/api/staff', oauth.authMiddleware, staff.isStaffMiddleware, apiStaffRouter);
+app.use('/api/admin', oauth.authMiddleware, admin.isAdminMiddleware, apiAdminRouter);

 app.get('/api/login', function (req, res) {
  res.redirect(oauth.getRedirectURI());

--- a/back/src/routes/apiStaff.js
+++ b/back/src/routes/apiStaff.js
+var express = require('express');
+var router = express.Router();
+
+var controller = require('../controller')
+
+router.post('/new_participant_with_id', controller.participant.addNewParticipantWithId);
+router.post('/new_score', controller.scores.addNewScore);
+
+
+module.exports = router;
--- a/front/src/app/administration/gestionScore/NouveauScore.js
+++ b/front/src/app/administration/gestionScore/NouveauScore.js
@@ -5,7 +5,7 @@ import { useForm } from 'react-hook-form';
 export function AddScoreForm() {

  const addScore = (props) => {
-    axios.post('/api/admin/new_score',
+    axios.post('/api/staff/new_score',
      {
        score: props.score,
        equipe: props.equipe,

--- a/front_thomas/src/components/Login/Gestion/gestionScore/NouveauScore.js
+++ b/front_thomas/src/components/Login/Gestion/gestionScore/NouveauScore.js
@@ -5,7 +5,7 @@ import { useForm } from 'react-hook-form';
 export function AddScoreForm() {

  const addScore = (props) => {
-    axios.post('/api/admin/new_score',
+    axios.post('/api/staff/new_score',
      {
        score: props.score,
        equipe: props.equipe,

--- a/front_thomas/src/components/Login/SubmitForm.js
+++ b/front_thomas/src/components/Login/SubmitForm.js
@@ -18,25 +18,26 @@ function Submit (props) {
    function addScore() {

        /*if (participants[0] === undefined) {
-            axios.post('/api/admin/new_participant_with_id',
+            axios.post('/api/staff/new_participant_with_id',
        {
            id: props.participant.value,
            name: props.participant.label
        })
        }*/

-        axios.post('/api/admin/new_score',
+        axios.post('/api/staff/new_score',
            {
                score: Math.max(0, props.score),
                equipe: props.equipe.value,
                participant: props.participant.value
            })
            .then(() => {
-        axios.post('/api/admin/new_participant_with_id',
+                axios.post('/api/staff/new_participant_with_id',
                    {
                        id: props.participant.value,
                        name: props.participant.label
-            })})
+                    })
+            })
            .then(() => {
                alert("Score ajouté");
                window.location = '/Input';