added isAdmin in user

2021-04-12 18:14:50 +05:30 · 2021-04-12 18:14:50 +05:30 · c3a2171908
parent 870a222650
commit c3a2171908
6 changed files with 47 additions and 8 deletions
--- a/controllers/auth.js
+++ b/controllers/auth.js
@ -29,7 +29,8 @@ module.exports.postSignup = async (req , res , next) => {
                firstName : firstName ,
                lastName : lastName ,
                email : email ,
-                password : hashedPass 
+                password : hashedPass ,
+                isAdmin : false
            }) ;
            user = await user.save() ;
            await Student.deleteOne({user:user._id}) ;
--- a/controllers/course.js
+++ b/controllers/course.js
@ -92,7 +92,7 @@ module.exports.getAllCourses = async (req , res , next) => {
    }
 }

-module.exports.meetSchedule = async (req , res , next) => {
+module.exports.getMeetSchedule = async (req , res , next) => {
    try
    {
        //we need courseTypeId as input
--- a/middleware/isAdmin.js
+++ b/middleware/isAdmin.js
@ -0,0 +1,27 @@
+const jwt = require('jsonwebtoken')
+const JWT_secret = "Cantileverlabs"
+const mongoose = require('mongoose')
+const User = mongoose.model("User")
+module.exports = async (req,res,next)=>{
+    const {authorization} = req.headers ;
+    //authorization === Bearer Cantileverlabs
+    if(!authorization){
+        return res.status(401).json({error:"You must be logged in"})
+    }
+    const token = authorization.replace("Bearer ","")
+    jwt.verify(token,JWT_secret,async (err,payload)=>{
+        if(err){
+            return res.status(401).json({error:"You must be logged in"}) ;
+        }
+        const {_id} = payload ;
+        const user = await User.findById(_id) ;
+        if(user.isAdmin)
+        {
+            next() ;
+        }
+        else
+        {
+            return res.status(401).json({error:"Not an admin"}) ;
+        }
+    })
+}
--- a/models/User.js
+++ b/models/User.js
@ -24,6 +24,9 @@ const userSchema = new Schema({
    student : {
        type : mongoose.Types.ObjectId ,
        ref: 'Student'
+    } ,
+    isAdmin : {
+        type : Boolean 
    }
    //need to add isAdmin 
 }) ;
--- a/routes/admin.js
+++ b/routes/admin.js
@ -1,12 +1,15 @@
 const express = require('express') ;
-const adminController = require('../controllers/admin')
+const adminController = require('../controllers/admin') ;
+
+const isAuth = require('../middleware/requirelogin') ;
+const isAdmin = require('../middleware/isAdmin') ;

 const router = express.Router() ;

-router.post('/addSchedule' , adminController.addSchedule) ;
+router.post('/addSchedule' ,isAuth , isAdmin , adminController.addSchedule) ;

-router.post('/editSchedule' , adminController.editSchedule) ;
+router.post('/editSchedule' ,isAuth , isAdmin , adminController.editSchedule) ;

-router.post('/deleteSchedule' , adminController.deleteSchedule) ;
+router.post('/deleteSchedule' ,isAuth , isAdmin , adminController.deleteSchedule) ;

 module.exports = router ;
--- a/routes/course.js
+++ b/routes/course.js
@ -1,12 +1,17 @@
 const express = require('express') ;
 const courseController = require('../controllers/course') ;

+const isAuth = require('../middleware/requirelogin') ;
+const isAdmin = require('../middleware/isAdmin') ;
+
 const router = express.Router() ;

-router.post('/addCourse' , courseController.postAddCourse) ;
+router.post('/addCourse' ,isAuth , isAdmin , courseController.postAddCourse) ;

 router.get('/getAllCourses' , courseController.getAllCourses) ;

-router.post('/meetSchedule' , courseController.meetSchedule) ;
+//NOTE 
+//It is a post request
+router.post('/getMeetSchedule' ,isAuth , courseController.getMeetSchedule) ;

 module.exports = router ;