added permission to GET /users

emirhanyagci · Jun 9, 2024 · d9edff8 · d9edff8
1 parent b5ab564
commit d9edff8
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 4 deletions.
diff --git a/backend/controllers/userControllers.js b/backend/controllers/userControllers.js
@@ -11,7 +11,12 @@ const asyncHandler = require("express-async-handler");
 // @route GET /users
 // @access Private
 exports.getAllUser = asyncHandler(async (req, res, next) => {
-  const users = await User.find().select("-password").lean();
+  const user = res.user;
+  const isEmployee = user.roles.length === 1 && user.roles.includes("Employee");
+
+  const users = await User.find(isEmployee ? { username: user.username } : null)
+    .select("-password")
+    .lean();
   if (!users.length) {
     return res.status(400).json({ message: "No user found" });
   }

diff --git a/backend/middleware/verifyJWT.js b/backend/middleware/verifyJWT.js
@@ -10,6 +10,7 @@ const verifyJWT = (req, res, next) => {
   const token = authHeader.split(" ")[1];
   jwt.verify(token, process.env.ACCESS_TOKEN_SECRET, (err, decoded) => {
     if (err) return res.status(403).json({ message: "Forbidden" });
+
     res.user = decoded;
     next();
   });

diff --git a/backend/routes/userRoutes.js b/backend/routes/userRoutes.js
@@ -7,6 +7,7 @@ const {
   deleteUser,
 } = require("../controllers/userControllers");
 const verifyJWT = require("../middleware/verifyJWT");
+
 // all note operates required to be authed
 router.use(verifyJWT);
 

diff --git a/frontend/src/features/auth/Login.tsx b/frontend/src/features/auth/Login.tsx
@@ -17,12 +17,13 @@ import { useDispatch } from "react-redux";
 import { setCredentials } from "./authSlice";
 import { useNavigate } from "react-router-dom";
 import usePersist from "./usePersist";
+import { LoadingSpinner } from "@/components/LoadingSpinner";
 export default function Login() {
   const [username, setUsername] = useState("");
   const [password, setPassword] = useState("");
   const [errMsg, setErrMsg] = useState("");
   const [persist, setPersist] = usePersist();
-  const [login] = useLoginMutation();
+  const [login, { isLoading }] = useLoginMutation();
   const dispatch = useDispatch();
   const navigate = useNavigate();
   async function loginHandler() {
@@ -92,8 +93,8 @@ export default function Login() {
         </div>
       </CardContent>
       <CardFooter>
-        <Button onClick={loginHandler} className="w-full">
-          Sign in
+        <Button disabled={isLoading} onClick={loginHandler} className="w-full">
+          {isLoading ? <LoadingSpinner /> : "Sign in"}
         </Button>
       </CardFooter>
     </Card>

diff --git a/frontend/src/features/auth/authApi.ts b/frontend/src/features/auth/authApi.ts
@@ -2,6 +2,8 @@ import { createApi, fetchBaseQuery } from "@reduxjs/toolkit/query/react";
 import { noteApi } from "../notes/noteApi";
 import { userApi } from "../users/userApi";
 import { logOut, setCredentials } from "./authSlice";
+console.log(import.meta.env.VITE_BASE_URL);
+
 export const authApi = createApi({
   reducerPath: "authApi",
   baseQuery: fetchBaseQuery({