diff --git a/server.js b/server.js
index 178cf10..1a5f9cc 100644
--- a/server.js
+++ b/server.js
@@ -47,14 +47,22 @@ app.get("/course", checkJwt, checkScope(["read:courses"]), function(req, res) {
 });
 });
-app.delete(
- "/course/:courseId",
- checkJwt,
- checkScope(["delete:courses"]),
- function(req, res) {
- res.json({ message: `Deleted ${req.params.courseId}` });
- }
-);
+function checkRole(role) {
+ return function(req, res, next) {
+ const assignedRoles = req.user["http://localhost:3000/roles"];
+ if (Array.isArray(assignedRoles) && assignedRoles.includes(role)) {
+ return next();
+ } else {
+ return res.status(401).send("Insufficient role");
+ }
+ };
+}
+
+app.get("/admin", checkJwt, checkRole("admin"), function(req, res) {
+ res.json({
+ message: "Hello from an admin API!"
+ });
+});
 app.listen(3001);
 console.log("API server listening on " + process.env.REACT_APP_AUTH0_AUDIENCE);
diff --git a/src/Courses.js b/src/Courses.js
index 518b04d..f34ab48 100644
--- a/src/Courses.js
+++ b/src/Courses.js
@@ -15,22 +15,15 @@ class Courses extends Component {
 })
 .then(response => this.setState({ courses: response.courses }))
 .catch(error => this.setState({ message: error.message }));
- }
- deleteCourse(courseId) {
- fetch(`/course/${courseId}`, {
- method: "DELETE",
+ fetch("/admin", {
 headers: {
 Authorization: `Bearer ${this.props.auth.getAccessToken()}`
 }
 })
 .then(response => {
 if (response.ok) return response.json();
 throw new Error("Network response was not ok.");
 })
- .then(response =>
- this.setState(state => ({
- courses: state.courses.filter(course => course.id !== courseId)
- }))
- )
+ .then(response => console.log(response))
 .catch(error => this.setState({ message: error.message }));
 }
@@ -38,16 +31,7 @@ class Courses extends Component {
 return (
 );
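Review bot: checkRole answers a verified token that simply lacks the role with 401, but 401 means the request is unauthenticated; by the time this middleware runs checkJwt has already accepted the token, so the deny should be a 403, `return res.status(401).send("Insufficient role");` → `return res.status(403).send("Insufficient role");`. The middleware also dereferences `req.user` unguarded, so if it is ever mounted on a route without checkJwt ahead of it (or checkJwt leaves `req.user` unset) the claim lookup throws a TypeError and the request ends in a 500 instead of a deny; `const assignedRoles = (req.user || {})["http://localhost:3000/roles"];` keeps the failure on the deny path. The roles claim is only trustworthy because checkJwt verified the token signature first, which is worth stating above the function, e.g. `// Must run after checkJwt: the roles claim is trusted only because the token signature has been verified.`, and the namespaced claim key hard-coded to a localhost URL presumably belongs in configuration alongside the audience read on the console.log line below rather than in the middleware body.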
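Review bot: The new `/admin` request is fired unconditionally alongside the courses request, so for a user whose token lacks the admin role the server rejects it, `response.ok` is false, and the catch writes `"Network response was not ok."` into `state.message`, clobbering whatever the courses request reported since both chains race on the same state key. Its success path is `.then(response => console.log(response))`, which discards the payload and reads as a debug leftover; either keep the result, e.g. `.then(response => this.setState({ adminMessage: response.message }))`, and treat a 401/403 from this call as "not an admin" rather than as an error, or gate the call on the role instead of probing the endpoint on every load. The enclosing method begins before the hunk, so I cannot see whether anything still references the removed deleteCourse; the truncated render hunk below presumably drops the button that called it.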