Solved #1 and ordering in EmployeesController, added some authentication

This commit is contained in:
Sockenklaus
2021-10-18 00:09:00 +02:00
parent 4b222c9921
commit 63fd67bc16
2 changed files with 79 additions and 23 deletions


@@ -34,11 +34,34 @@ import Employee from 'App/Models/Employee'
export const { actions } = Bouncer
.define('employees.index', (user: User) => {
return user.role === 'admin'
if(user.role !== 'admin') return Bouncer.deny('You are not allowed to view all employees')
return true
})
.define('employees.show', (user: User, employee : Employee) => {
return user.role === 'admin' || user.id === employee.userId
if(user.role !== 'admin' && user.id !== employee.userId){
return Bouncer.deny('You are not allowd to view employees other than yourself')
}
return true
})
.define('employees.store', (user: User) => {
if(user.role !== 'admin') return Bouncer.deny('You are not allowd to create any employees')
return true
})
.define('employees.destroy', (user: User) => {
if(user.role !== 'admin') return Bouncer.deny('You are not allowed to delete any employees')
return true
})
.define('employees.update', (user: User, editContractHours : boolean, employee: Employee) => {
if(user.id !== employee.userId && user.role !== 'admin'){
return Bouncer.deny('You are not allowed to edit employees other than yourself.')
} else if (editContractHours && user.role !== 'admin'){
return Bouncer.deny('You are not allowed to edit your contract hours.')
}
return true
})
/*