From fd1ec8a7bc2c01ca3b368325aa45dd8d8b5dd6b1 Mon Sep 17 00:00:00 2001
From: conniepocky <c.amer@icloud.com>
Date: Sun, 20 Jan 2019 15:01:05 +0000
Subject: [PATCH] Admin  restrictions

---
 src/routes/.users.js.swo  | Bin 0 -> 12288 bytes
 src/routes/index.js       |   2 +-
 src/routes/users.js       |   9 ++++++---
 src/views/index.ejs       |   3 +--
 src/views/users/index.ejs |   4 +++-
 src/views/users/new.ejs   |   2 +-
 6 files changed, 12 insertions(+), 8 deletions(-)
 create mode 100644 src/routes/.users.js.swo

diff --git a/src/routes/.users.js.swo b/src/routes/.users.js.swo
new file mode 100644
index 0000000000000000000000000000000000000000..40ebcc52cafc2c32cafbcecc3461d59f5ffa245c
GIT binary patch
literal 12288
zcmeI2O>Z1E7{}cnD20~t@&%q0!OTk8*|hXfZIp_JfJoJskiJmS7RkHg**H5pp4v0r
zEK%UXu?Hj$MTkoeg|ASA!~t;u32}h~0+k-&g!lr8zdbui^P+;v0gAlJFO!*hY(LNc
zd2DMHccw1PpQ5AD6vO99#yZ#ME?=KI!QvB)byb#0VPD+;Q`t3NU1%=wYciE8Yo6qJ
zq4MUTBh5}SwX#yRf4eel%?Z=T+g2(&n(GnI^X3xo_Ia^{mdmDT3a*PKp+(E+ZcD4O
z5T;ccp-r@G?(d3!>lN?{?4&?hB+aAy*$amcxvBo_!3lci>GL~T`e$ANuYgy;E8rFI
z3U~#)0$u^H!2eW%BHzW{L2SFn@tq!DcWt?jZ~et9;1%!+cm=!yUIDLwSHLUa74Qmp
z1-t@Yfrn559y5085yo!rf%EwPfBpUc&H=_g0Uv{R!A0;oI0hK_{t3pu17CuhpbvT=
z0gGTC_+dX|UxORqeb50{z-4d(>;XUTW9&0<3w#I+P+%EIa1lHO?mW)ex8Ni20k{Dc
z!E0b190q?p#@J8b8*m$}fe|Qx0T;pZ;K#j;y$9X^FM{X50r1<SjQt9J0e8Vy;1(#s
zo8Sy+gWceF==BBo9DE9H1E=9bSOeZ=uYgy;E8rFQ?<gSFKP$P?1;rxaWm=Fs4X3BE
zxiuQojA#uIX<;HQvRLRaa0lgDnHUC>v}$iANocKfo5Y%HLey%}K;o2LAI)5QJXjRX
zst3Z+J4%!ukWub$+Xr=dMqQ<~=oa>&)UF*4^cj_kXvlRIipn9F7TqP>(W<kle2b-R
z8V0Rk?1L6pqa@{KDGX$mC^#FOmAy>FROS<OS`8^xJ(5{%4;Rm!nLE>_<0<?yFx_xY
zW>pw`$Ynv+-^lQ5B6LF)dIV44N*#U9jTtH(w;|irsH5UhR6nX5Mnr8oIE!f2Q0Rk`
z?x`4XncmaH-P>1IgKAKkA;?bWF@9)chs##Wx!H)$ElET8;nabLL+BTi%IK`PT8dP@
zB?3b^4n5j1&?*y<p-_|yJ%G8$x_XosB3>AK4p|5RAT7uf!2-4h>372=Qlz$Z)zv)3
zDhr%{?ycbiG49uOsQJK9p=GyE+|aC2eM9!>C3QrXLrM4=#H^~iC|Aa%aI(traWl%g
zA-BINgqD-G4jVLc40<Dqm$cx8K*+9uLYJ~KZ~SHHidYugYd0#?S@@at!bY9Q2dF+C
z4`f!IC9Ml<heEU&L>b0#KPFRlyTX{HOw&=_=Kh6NrEOi_2uXUGV@iZBHBKNa$t8Dt
z1yxhm;rI#47Rjq;c2VlgO>j)uqBP-=sUwZZW;+a=pP4F924xmk&dG$r3EO=&|29=;
z<+g1VB{GX=M+<$MH<Z6EgGk00d2_1UGDa#yW=btis$NgT^I6#Vd-*@_1RUpoQ`Yxx
zU$5YfSgEsastm7@NKt{SY;V27ZCOQR;@r2<MjEr0W@ad;=WVc600X7BC~!PY!&N)j
zIO?7l*Y|@(d_iLR^E7o8kCV#dHF|rrJC=Bc3L6KG^xKgCozzz%{FBT(9c)$*12zqO
z#jN7mF2p_CRGX{->zh@r#-_|v<~yu4cI&{5b^De(xQ-=x%QQsxF9mMZwtI~&m*C2@
zU8i2L3ntcIp>mWE$J)2v(k`q670YCVlw$31OQ=nr8z{0T<S|g?BKlvnN7c36c9<Nv
zZQJdIZk?n=s{sX3WRJbKHl7F5we70gIcROe5<_DKz+%H>b78I<!;uX8YqNUY#MX(O
S^PZk7&(_VwN{(FEp8o`A<Q6Re

literal 0
HcmV?d00001

diff --git a/src/routes/index.js b/src/routes/index.js
index 4e962d1..24824f7 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -11,7 +11,7 @@ import catchAsync from '../lib/catchAsync';
 const router = Router();
 
 router.use('/books', books);
-router.use('/users', users);
+router.use('/admin/users', users);
 router.use('/sessions', sessions);
 router.use('/loans', loans);
 
diff --git a/src/routes/users.js b/src/routes/users.js
index 3f454c9..23a9a04 100644
--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -25,8 +25,11 @@ router.get('/:id', ensureLoggedIn(), catchAsync(async (req, res) => {
 // View all users
 router.get('/', ensureLoggedIn(), catchAsync(async (req, res) => {
   const users = await User.findAll({});
-
-  res.render('users/index', {users});
+  if(req.user.role == 'Borrower') {
+	  res.redirect('/');
+  } else {
+  	res.render('users/index', {users});
+  }
 }));
 
 // Update a user
@@ -41,7 +44,7 @@ router.post('/:id', ensureLoggedIn(), catchAsync(async (req, res) => {
   try {
     await user.save();
     req.flash('info', 'User updated successfully');
-    res.redirect('/users');
+    res.redirect('/admin/users');
   } catch(e) {
     console.warn(e);
     res.render('users/edit', {user, error: e.toString()});
diff --git a/src/views/index.ejs b/src/views/index.ejs
index 048ed07..036cb3a 100644
--- a/src/views/index.ejs
+++ b/src/views/index.ejs
@@ -10,10 +10,9 @@
   <li><a href='/books'>View available books</a></li>
 
   <% if (!currentUser) { %>
-    <li><a href='/users/new'>Sign up</a></li>
+    <li><a href='/admin/users/new'>Sign up</a></li>
     <li><a href='/sessions/new'>Sign in</a></li>
   <% } else { %>
-    <li><a href='/users'>List of Users</a></li>
     <li>
       <form action='/sessions/destroy' method='post'>
         <button type='submit'>Logout</button>
diff --git a/src/views/users/index.ejs b/src/views/users/index.ejs
index 6464025..4de3e23 100644
--- a/src/views/users/index.ejs
+++ b/src/views/users/index.ejs
@@ -3,9 +3,11 @@
     UserID: <%- users.id %>
     Email: <%- users.email %>
     Role: <%- users.role %>
-    <a href="/users/<%- users.id %>">Edit</a>
+    <a href="/admin/users/<%- users.id %>">Edit</a>
   </p>
   <hr>
 <% }) %>
 
+
 <p><a href='/'>Home</a></p>
+
diff --git a/src/views/users/new.ejs b/src/views/users/new.ejs
index b229506..23ac85a 100644
--- a/src/views/users/new.ejs
+++ b/src/views/users/new.ejs
@@ -8,7 +8,7 @@
 
 <p>Sign up</p>
 
-<form action='/users' method='post'>
+<form action='/admin/users' method='post'>
 
   <p>
     <label>