From 471c6dacaad3c0fc7a34619afd5e953bf517782b Mon Sep 17 00:00:00 2001
From: Jacques Becker <beckej3@rpi.edu>
Date: Fri, 30 Nov 2018 13:36:45 -0500
Subject: [PATCH] added authentication requirements for create, update, and
 destroy methods

---
 server/api/room/index.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/api/room/index.js b/server/api/room/index.js
index 76acc923..8c9df062 100644
--- a/server/api/room/index.js
+++ b/server/api/room/index.js
@@ -7,9 +7,9 @@ var auth = require('../../auth/auth.service');
 var router = express.Router();
 
 router.get('/', controller.index); //gets all rooms
-router.get('/:location', controller.show); //gets single room based on location
-router.post('/id', controller.create); //creates a room if user is a mentor
-router.put('/id', controller.update); // updates room info if user is a mentor
-router.delete('/id', controller.destroy); // delete a room from db if user is a mentor
+router.get('/:id', controller.show); //gets single room based on location
+router.post('/id', auth.hasRole('admin'), controller.create); //creates a room if user is a mentor
+router.put('/id', auth.hasRole('admin'), controller.update); // updates room info if user is a mentor
+router.delete('/id', auth.hasRole('admin'), controller.destroy); // delete a room from db if user is a mentor
 
-module.exports = router;
\ No newline at end of file
+module.exports = router;