Week 2 - 5

ryklovae · Feb 17, 2023 · c630af5de484b3ba8f16be6f9c428eab4ec44c71 · c630af5
1 parent d066fb5
commit c630af5de484b3ba8f16be6f9c428eab4ec44c71
Show file tree

Hide file tree

Showing 15 changed files with 458 additions and 62 deletions.
diff --git a/docs/index.html b/docs/index.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Blog API Docs</title>
+    <meta charset="utf-8"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link href="https://fonts.googleapis.com/css?family=Montserrat:300,400,700|Roboto:300,400,700" rel="stylesheet">
+
+    <style>
+      body {
+        margin: 0;
+        padding: 0;
+      }
+    </style>
+  </head>
+  <body>
+    <redoc spec-url='../schemas/openapi.yaml'></redoc>
+    <script src="https://cdn.jsdelivr.net/npm/redoc@next/bundles/redoc.standalone.js"> </script>
+  </body>
+</html>
diff --git a/fetches.js b/fetches.js
@@ -1,9 +1,20 @@
 // Articles
-
-const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/articles/2', {
+//bob
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/articles/52', {
     method: 'PUT',
-	headers: {
-		'Content-type': 'application/json'
+		headers: {
+				'Content-type': 'application/json',
+        'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImJvYiIsImlhdCI6MTY3NjU1NDYzMH0.Yd-ib9Wito-9oC9Y5jLJtMeEjzAZqRiCmeFmMYjMWxk'
+	},
+    body: JSON.stringify({title: "test", allText: 'Textual content'})
+});
+fetchPromise.then(res => res.json()).then(res => console.log(res))
+//alice - admin
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/articles/49', {
+    method: 'PUT',
+		headers: {
+				'Content-type': 'application/json',
+        'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFsaWNlIiwiaWF0IjoxNjc2MDQyMjM4fQ.NHe2T1WK6JJ2eIxPjUJLqgKxDEDevo4hHxoeM7LyhPE'
 	},
     body: JSON.stringify({title: "test", allText: 'Textual content'})
 });
@@ -24,8 +35,22 @@ const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/ap
 fetchPromise.then(res => res.json()).then(res => console.log(res))
 
 
-const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/articles/1', {
-    method: 'DELETE'
+//bob
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/articles/48', {
+    method: 'DELETE',
+		headers: {
+				'Content-type': 'application/json',
+        'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImJvYiIsImlhdCI6MTY3NjU1NDYzMH0.Yd-ib9Wito-9oC9Y5jLJtMeEjzAZqRiCmeFmMYjMWxk'
+	}
+});
+fetchPromise.then(res => res.json()).then(res => console.log(res))
+//alice - admin
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/articles/48', {
+    method: 'DELETE',
+		headers: {
+				'Content-type': 'application/json',
+        'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFsaWNlIiwiaWF0IjoxNjc2MDQyMjM4fQ.NHe2T1WK6JJ2eIxPjUJLqgKxDEDevo4hHxoeM7LyhPE'
+	}
 });
 fetchPromise.then(res => res.json()).then(res => console.log(res))
 
@@ -41,7 +66,11 @@ const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/ap
 fetchPromise.then(res => res.json()).then(res => console.log(res))
 
 const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/users/1', {
-    method: 'DELETE'
+    method: 'DELETE',
+	headers: {
+		'Content-type': 'application/json',
+    'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFsaWNlIiwiaWF0IjoxNjc2MDQyMjM4fQ.NHe2T1WK6JJ2eIxPjUJLqgKxDEDevo4hHxoeM7LyhPE'
+	},
 });
 fetchPromise.then(res => res.json()).then(res => console.log(res))
 
@@ -54,6 +83,24 @@ const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/ap
 });
 fetchPromise.then(res => res.json()).then(res => console.log(res))
 
+// admin role
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/users', {
+    method: 'GET',
+	headers: {
+		'Content-type': 'application/json',
+        'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFsaWNlIiwiaWF0IjoxNjc2MDQyMjM4fQ.NHe2T1WK6JJ2eIxPjUJLqgKxDEDevo4hHxoeM7LyhPE'
+	}
+});
+fetchPromise.then(res => res.json()).then(res => console.log(res))
+// user role
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/users', {
+    method: 'GET',
+	headers: {
+		'Content-type': 'application/json',
+        'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InVzZXIiLCJpYXQiOjE2NzU0NDQ1NzJ9.fY_mVuuxpidoOAzZnARyZFb14RXPa2U8ULS5EYrbcfk'
+	}
+});
+fetchPromise.then(res => res.json()).then(res => console.log(res))
 // JWT
 // correct credentials
 const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/users/login', {

diff --git a/models/roles.js b/models/roles.js
@@ -0,0 +1,23 @@
+
+const { Sequelize, DataTypes } = require("sequelize");
+
+const sequelize = require('../db');
+const Role = sequelize.define("roles", {
+   name: {
+     type: DataTypes.STRING(16),
+     primaryKey: true,
+     allowNull: false,
+     unique: true
+   },
+   description: {
+     type: DataTypes.TEXT,
+   },
+}, {
+    timestamps: false
+});
+
+sequelize.sync().then(() => {
+   console.log('Role table created successfully!');
+}).catch((error) => {
+   console.error('Unable to create table : ', error);
+});
diff --git a/models/users.js b/models/users.js
@@ -39,12 +39,17 @@ const User = sequelize.define("users", {
    },
    avatarURL: {
      type: DataTypes.STRING,
+   },
+   role: {
+     type: DataTypes.STRING(16),
+     defaultValue: "user",
+    allowNull: false,
    }
 }, {
     timestamps: false
 });
 
-sequelize.sync().then(() => {
+sequelize.sync({ alter: true }).then(() => {
    console.log('User table created successfully!');
 }).catch((error) => {
    console.error('Unable to create table : ', error);
@@ -76,7 +81,6 @@ exports.add = async function add(user) {
   user.password = hash;
   console.log(user);
   try {
-
     const data = await User.create(user);
     return data;
   }

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -25,6 +25,7 @@
     "passport-http": "^0.3.0",
     "passport-jwt": "^4.0.1",
     "promise-mysql": "^5.2.0",
+    "role-acl": "^4.5.4",
     "sequelize": "^6.28.0"
   }
 }
diff --git a/permissions/articles.js b/permissions/articles.js
@@ -0,0 +1,13 @@
+const AccessControl = require('role-acl')
+const ac = new AccessControl();
+
+ac.grant(['user', 'admin']).condition({Fn:'EQUALS', args: {'requester':'$.owner'}}).execute('update')
+  .on('article');
+
+ac.grant('admin').execute('delete').on('article');
+
+exports.update = (requester, authorId) =>
+ac.can(requester.role).context({requester:requester.ID, owner:authorId}).execute('update').sync().on('article');
+
+exports.delete = (requester) =>
+ac.can(requester.role).execute('delete').sync().on('article');