Admin roles and tokens
Opened this issue · 6 comments
Is it possible to do this up quickly? Like using the role column in the Users table to determine user role. Then, endpoints which require admin rights would be deleting section.
The role column was implemented since the beginning of ExchangeBuddy...
Things that need to be changed are backend role check and DB role assignment (0 being least privilege, 10 being the highest privilege (admin)).
Hmm, it was implemented since the start but is it being used? I'm ok with anything, just suggesting only.
Never used as didn't have time to implement the admin page, but it is intended to be used for admin page. :)
User role is currently designed to range from level 0 - 10, with 0 being the lowest privilege and 10 being the highest privilege.
We should discuss what privilege each level should have. @plsgibchance
For now, I implemented (hard-coded) admin privilege temporarily for createUniversity end-point, and assume anyone with role level 8 and above can add university.
@ZhangHanming @irvinlim Please help to assign necessary admins with corresponding privileges in User table role column.
@WYHNUS The admin privilege is being checked in the req.user.role property, but it's undefined, which causes it to pass the check (undefined < 8 == false). The req.user object looks like this:
{ id: 491,
email: 'irvinlimweiquan@gmail.com',
name: 'Irvin Lim',
profilePictureUrl: 'https://scontent.xx.fbcdn.net/v/t1.0-1/p720x720/12744490_10154668045582575_8254141537094470326_n.jpg?oh=3225976ed7f71907c974cbcc5fc056e6&oe=58CCF01A',
exp: 1482167290,
iat: 1481562490 }
Hence, you need to fix the error + use parseInt.
Can you clear cache and try again, coz the role field should be present in the signature.
BTW, I've added a simple user.role validity check in the backend.
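
The fail-open check described in this thread, next to a fail-closed version, as an added example (not ExchangeBuddy's code). The middleware names, the `run` helper and the token payloads are constructed for illustration; the threshold of 8 is the one mentioned above for createUniversity.

```javascript
// Added example: hypothetical helper names, constructed payloads.
const ADMIN_MIN_ROLE = 8; // threshold mentioned in the thread for createUniversity

// Fail-open pattern from the thread: reject only when role < min.
// undefined < 8 evaluates to false, so a token without `role` is let through.
function requireRoleFailOpen(minRole) {
  return (req, res, next) => {
    if (req.user.role < minRole) return res.status(403).end();
    next();
  };
}

// Accept only an integer in 0..10 (numeric strings are parsed); else null.
function parseRole(value) {
  const role = typeof value === 'string' && /^\d+$/.test(value) ? parseInt(value, 10) : value;
  return Number.isInteger(role) && role >= 0 && role <= 10 ? role : null;
}

// Fail-closed: a missing, malformed or too-low role is always rejected.
function requireRole(minRole) {
  return (req, res, next) => {
    const role = req.user ? parseRole(req.user.role) : null;
    if (role === null || role < minRole) return res.status(403).end();
    next();
  };
}

// Minimal stand-in for Express req/res so the block runs without dependencies.
function run(middleware, user) {
  let outcome = 'pending';
  const res = { status: (code) => ({ end: () => { outcome = code; } }) };
  middleware({ user }, res, () => { outcome = 'next'; });
  return outcome;
}

// Constructed decoded-token payloads: one issued without a role field.
const oldToken = { id: 1, email: 'user@example.com', exp: 1482167290, iat: 1481562490 };
const adminToken = { ...oldToken, role: '10' };
const memberToken = { ...oldToken, role: 0 };

console.log(run(requireRoleFailOpen(ADMIN_MIN_ROLE), oldToken)); // next (check bypassed)
console.log(run(requireRole(ADMIN_MIN_ROLE), oldToken));         // 403
console.log(run(requireRole(ADMIN_MIN_ROLE), adminToken));       // next
console.log(run(requireRole(ADMIN_MIN_ROLE), memberToken));      // 403
```

Tokens issued before the role field was added keep validating until they expire, so the fail-closed check is what protects the endpoint during that window.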