From 5814602c2667f7b5cb3c367e4648df1510c58a8a Mon Sep 17 00:00:00 2001
From: Cory House
Date: Wed, 14 Nov 2018 18:36:39 -0600
Subject: [PATCH 1/4] Remove delete course feature
---
 src/Courses.js | 28 +---------------------------
 1 file changed, 1 insertion(+), 27 deletions(-)
diff --git a/src/Courses.js b/src/Courses.js
index 518b04d..78d510b 100644
--- a/src/Courses.js
+++ b/src/Courses.js
@@ -17,37 +17,11 @@ class Courses extends Component {
 .catch(error => this.setState({ message: error.message }));
 }
- deleteCourse(courseId) {
- fetch(`/course/${courseId}`, {
- method: "DELETE",
- headers: { Authorization: `Bearer ${this.props.auth.getAccessToken()}` }
- })
- .then(response => {
- if (response.ok) return response.json();
- throw new Error("Network response was not ok.");
- })
- .then(response =>
- this.setState(state => ({
- courses: state.courses.filter(course => course.id !== courseId)
- }))
- )
- .catch(error => this.setState({ message: error.message }));
- }
-
 render() {
 return (
 );
From 69997e5aa6f21b2c762704e75567661f96aec83f Mon Sep 17 00:00:00 2001
From: Cory House
Date: Wed, 14 Nov 2018 19:49:15 -0600
Subject: [PATCH 2/4] Remove unused api
---
 server.js | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/server.js b/server.js
index 178cf10..40effa5 100644
--- a/server.js
+++ b/server.js
@@ -47,14 +47,5 @@ app.get("/course", checkJwt, checkScope(["read:courses"]), function(req, res) {
 });
 });
-app.delete(
- "/course/:courseId",
- checkJwt,
- checkScope(["delete:courses"]),
- function(req, res) {
- res.json({ message: `Deleted ${req.params.courseId}` });
- }
-);
-
 app.listen(3001);
 console.log("API server listening on " + process.env.REACT_APP_AUTH0_AUDIENCE);
From 37475e029522c4bb651abcb7d34498d657da1c71 Mon Sep 17 00:00:00 2001
From: Cory House
Date: Thu, 15 Nov 2018 09:39:28 -0600
Subject: [PATCH 3/4] add checkRole middleware and admin endpoint
---
 server.js | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/server.js b/server.js
index 40effa5..1a5f9cc 100644
--- a/server.js
+++ b/server.js
@@ -47,5 +47,22 @@ app.get("/course", checkJwt, checkScope(["read:courses"]), function(req, res) {
 });
 });
+function checkRole(role) {
+ return function(req, res, next) {
+ const assignedRoles = req.user["http://localhost:3000/roles"];
+ if (Array.isArray(assignedRoles) && assignedRoles.includes(role)) {
+ return next();
+ } else {
+ return res.status(401).send("Insufficient role");
+ }
+ };
+}
+
+app.get("/admin", checkJwt, checkRole("admin"), function(req, res) {
+ res.json({
+ message: "Hello from an admin API!"
+ });
+});
+
 app.listen(3001);
 console.log("API server listening on " + process.env.REACT_APP_AUTH0_AUDIENCE);
From c635e84c2b2182458d1538aba0e9fee41e6b0b98 Mon Sep 17 00:00:00 2001
From: Cory House
Date: Thu, 15 Nov 2018 09:39:38 -0600
Subject: [PATCH 4/4] Call admin role endpoint
---
 src/Courses.js | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/Courses.js b/src/Courses.js
index 78d510b..f34ab48 100644
--- a/src/Courses.js
+++ b/src/Courses.js
@@ -15,6 +15,16 @@ class Courses extends Component {
 })
 .then(response => this.setState({ courses: response.courses }))
 .catch(error => this.setState({ message: error.message }));
+
+ fetch("/admin", {
+ headers: { Authorization: `Bearer ${this.props.auth.getAccessToken()}` }
+ })
+ .then(response => {
+ if (response.ok) return response.json();
+ throw new Error("Network response was not ok.");
+ })
+ .then(response => console.log(response))
+ .catch(error => this.setState({ message: error.message }));
 }
 render() {
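Review bot: In `checkRole` (server.js, PATCH 3/4) a caller with a valid token but without the role is answered with 401. By that point `checkJwt` has already accepted the token, so this is an authorization failure and the line should read `return res.status(403).send("Insufficient role");`, which also stops clients from treating it as a cue to re-authenticate. The claim key `"http://localhost:3000/roles"` is hard-coded to a local-development namespace; under any other namespace the claim would presumably be missing and every caller denied, so it is better read from configuration with a comment naming who issues it. `req.user` is dereferenced unguarded, so mounting `checkRole` on a route without `checkJwt` ahead of it would throw instead of deny; `const assignedRoles = req.user && req.user["http://localhost:3000/roles"];` keeps that case failing closed.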
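Review bot: The `/admin` request added in src/Courses.js (PATCH 4/4) is sent for every user who loads the courses view, so a non-admin receives the server's refusal and the `.catch` writes "Network response was not ok." into `message`. That is the same state field the course fetch above uses, so an ordinary user would see an error even though their courses loaded. Handle the denied status separately, for example `if (response.status === 401 || response.status === 403) return null;` before the `throw`, or skip the call when the user is not an admin, with the server-side `checkRole` remaining the actual enforcement point. `.then(response => console.log(response))` looks like debugging residue and should either store the result in state or be removed. The enclosing method begins above the hunk, so which lifecycle hook this runs in is not visible here.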