controlled rol validation to espcified rols'

mutazen · Jun 16, 2021 · 753352c · 753352c
1 parent 4d61895
commit 753352c
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 6 deletions.
diff --git a/api/controllers/auth.controller.js b/api/controllers/auth.controller.js
@@ -11,7 +11,7 @@ exports.login = (req, res) => {
         bcrypt.compare(req.body.password, user.password, (err, result) => {
           if (!result) {
             console.log(req.body)
-            return res.json({ error: 'Wrong email or password 1' })
+            return res.json({ error: 'Wrong email or password' })
           }
           const user_data = { rol: user.rol, email: user.email }
           const token = jwt.sign(
@@ -23,7 +23,7 @@ exports.login = (req, res) => {
             return res.json({ token: token, ...user_data })
         })
       } else {
-        return res.json({ error: 'Wrong email or password 2' })
+        return res.json({ error: 'Wrong email or password' })
       }
     })
     .catch(err => {

diff --git a/api/models/employees.model.js b/api/models/employees.model.js
@@ -20,7 +20,8 @@ const employeeSchema = new mongoose.Schema({
   },
   rol: {
     type: String,
-    required: true
+    required: true,
+    enum: ['Technician', 'CustomerService', 'Manager']
   },
   specialty: {
     type: Array

diff --git a/api/routes/employees.router.js b/api/routes/employees.router.js
@@ -8,7 +8,7 @@ const {
   getAllEmployees
 } = require('../controllers/employees.controller')
 
-employeesRouter.post('/', addEmployee)
+employeesRouter.post('/', checkAuth, checkManager, addEmployee)
 employeesRouter.put('/:idEmployee', checkAuth, checkManager, updateEmployee)
 employeesRouter.get('/', checkAuth, checkManager, getAllEmployees)
 employeesRouter.delete('/', checkAuth, checkManager, deleteEmployee)

diff --git a/utils/index.js b/utils/index.js
@@ -7,7 +7,7 @@ exports.checkAuth = (req, res, next) => {
 
   jwt.verify(req.headers.token, process.env.SECRET, (err, token) => {
 
-    if (err) { res.status(403).json({ error: 'Token not valid 1' }) }
+    if (err) { res.status(403).json({ error: 'Token not valid' }) }
 
     employeeModel
       .findOne({ email: token.email })
@@ -16,7 +16,7 @@ exports.checkAuth = (req, res, next) => {
           req.body.token = token
           next()
         } else {
-          res.json({ err: 'Token not valid 2' })
+          res.json({ err: 'Token not valid' })
         }
       })
   })