From fdfa72e610976170a1e6f28954affef73a056b15 Mon Sep 17 00:00:00 2001
From: firdaous elhalafi
Date: Sat, 7 Oct 2023 11:23:01 +0200
Subject: [PATCH] gestion des permissions pour les agents
---
 routes/announcement.js | 16 +++++++++++-----
 routes/index.js | 26 ++++++++++++++++++++------
 views/announcement_details.pug | 7 +++++--
 views/update_announcement.pug | 2 +-
 4 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/routes/announcement.js b/routes/announcement.js
index 8f398b8..383528e 100644
--- a/routes/announcement.js
+++ b/routes/announcement.js
@@ -7,6 +7,8 @@ const upload = require('../multer-config')
 const Announcement = models.Announcement;
 const isAuthenticated = routes.isAuthenticated;
+const isAgent = routes.isAgent;
+const isAgentAddAnnouncements = routes.isAgentAddAnnouncements;
 // Route pour récupérer toutes les annonces
 router.get('/', async (req, res) => {
@@ -23,7 +25,11 @@ router.get('/', async (req, res) => {
 });
 // Route pour afficher la page d'ajout d'annonce
-router.get('/add-announcement', isAuthenticated, (req, res) => {
+router.get('/add-announcement', isAuthenticated, isAgentAddAnnouncements, (req, res) => {
+ const errors = req.flash('error');
+ if (errors.length > 0) {
+ return res.render('register', { error: errors[0] });
+ }
 res.render('add_announcement',{ user : req.user });
 });
@@ -38,7 +44,7 @@ router.get('/:id', async (req, res) => {
 }
 });
-router.post('/add-announcement', isAuthenticated, upload.array('photos', ), async (req, res) => {
+router.post('/add-announcement', isAuthenticated, isAgent, upload.array('photos', ), async (req, res) => {
 const { title, propertyType, publicationStatus, propertyStatus, description, price, availabilityDate} = req.body;
 const photos = req.files.map(file => file.filename);
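Review bot: The gate on GET /add-announcement is only advisory: `isAgentAddAnnouncements` (defined in routes/index.js in this same commit) queues a flash message and still calls `next()`, so the blocking is done by the handler, which then renders the `register` view instead of a page a non-agent would expect. Because `req.flash('error')` returns and, with connect-flash, clears every queued error, a leftover error from an unrelated request would also bounce a legitimate agent from this page to the register template. Consider making the middleware decisive — render or redirect there instead of calling `next()` — so the handler keeps a single `res.render('add_announcement',{ user : req.user });` and the flash check disappears; the POST in the next hunk is already guarded by `isAgent`, and placing it before `upload.array` is right, since the 403 is sent before any upload is written.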
@@ -66,7 +72,7 @@ router.post('/add-announcement', isAuthenticated, upload.array('photos', ), asyn
 });
 // route to display form to update an ad
-router.get('/update/:id', isAuthenticated, async (req, res) => {
+router.get('/update/:id', isAuthenticated, isAgent, async (req, res) => {
 try {
 const announcementId = req.params.id;
 const announcementDetails = await Announcement.findById(announcementId);
@@ -82,7 +88,7 @@ router.get('/update/:id', isAuthenticated, async (req, res) => {
 });
 // Route to handle update of an ad
-router.post('/update/:id', isAuthenticated, upload.array('photos', ), async (req, res) => {
+router.post('/update/:id', isAuthenticated, isAgent, upload.array('photos', ), async (req, res) => {
 const announcementId = req.params.id;
 const { title, propertyType, publicationStatus, propertyStatus, description, price, availabilityDate } = req.body;
 photos = [];
@@ -116,7 +122,7 @@ router.post('/update/:id', isAuthenticated, upload.array('photos', ), async (req
 }
 });
-router.get('/delete/:id', isAuthenticated, async (req, res) => {
+router.get('/delete/:id', isAuthenticated, isAgent, async (req, res) => {
 try {
 const announcementId = req.params.id;
 const deletedAnnouncement = await Announcement.findByIdAndRemove(announcementId);
diff --git a/routes/index.js b/routes/index.js
index 81c6d91..ab27826 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -55,12 +55,9 @@ router.post('/register', async function(req, res) {
 return res.render('register', { error: ' This user already exists.' });
 }
- const newUser = new User({
- username: username,
- password: password,
- isAgent: role === 'agent'
- });
- User.register(new User ({ username : req.body.username }), req.body.password, req.body.role === 'agent');
+ const isAgent = role === 'agent';
+
+ User.register(new User ({ username : username, isAgent : isAgent}), password);
 //await newUser.setPassword(password);
 //await newUser.save();
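Review bot: `isAgent` on GET /update/:id checks the caller's role but not that the caller owns the announcement, so any authenticated agent can open, and through the two following hunks (POST /update/:id and GET /delete/:id) modify or remove, every announcement by id. Whether the Announcement model records its author is not visible here; if it does, the `Announcement.findById(announcementId)` in each of the three handlers should be followed by an owner comparison that answers 403 on mismatch (or the query scoped to the owner), and if it does not, the schema needs such a field before the role check can be considered sufficient. All three handler bodies continue outside their hunks.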
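Review bot: /delete/:id remains a state-changing action reachable by GET with no CSRF token, and the view change in this commit links to it with a plain anchor; a GET that deletes is also liable to be triggered by link prefetching. Adding `isAgent` narrows who can trigger it but does not change that. Prefer `router.get('/delete/:id', ...)` becoming `router.post('/delete/:id', isAuthenticated, isAgent, async (req, res) => {` with a small form in announcement_details.pug (and the application's CSRF middleware, if one is configured) in place of the anchor; the handler body continues outside the hunk.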
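Review bot: The agent role is still self-asserted at registration: `const isAgent = role === 'agent';` takes `role` from the request body (the destructuring is above the hunk), so whoever registers can choose to be an agent and thereby satisfy the new `isAgent` checks in routes/announcement.js. If agents are meant to be vetted, create the user with `isAgent : false` here and grant the flag through an administrative path. Separately, `User.register(...)` is neither awaited nor given a callback; if this is passport-local-mongoose it returns a promise, so a failed registration is unhandled and the handler presumably continues as though the user existed — `await User.register(new User ({ username : username, isAgent : isAgent}), password);` inside a try/catch that renders `register` with the error would close that. The handler continues outside the hunk.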
@@ -96,8 +93,25 @@ const setUserIfAuthenticated = (req, res, next) => {
 next();
 };
+const isAgentAddAnnouncements = (req, res, next) => {
+ if (req.user && req.user.isAgent) {
+ return next();
+ }
+ req.flash('error', 'Vous n\'êtes pas autorisé à effectuer cette action. Créez un compte agent pour publier des annonces.');
+ return next();
+};
+
+const isAgent = (req, res, next) => {
+ if (req.user && req.user.isAgent) {
+ return next();
+ }
+ return res.status(403).json({ message: 'Vous n\'êtes pas autorisé à effectuer cette action.' });
+};
+
 module.exports = {
 router: router,
 isAuthenticated: isAuthenticated,
 setUserIfAuthenticated: setUserIfAuthenticated,
+ isAgent: isAgent,
+ isAgentAddAnnouncements: isAgentAddAnnouncements
 };
\ No newline at end of file
diff --git a/views/announcement_details.pug b/views/announcement_details.pug
index 67ddbf7..2e213ac 100644
--- a/views/announcement_details.pug
+++ b/views/announcement_details.pug
@@ -23,5 +23,8 @@ block content
 .mt-3
- a.btn.btn-primary(href=`/announcements/update/${announcement._id}`) Modifier l'annonce
- a.btn.btn-danger(href=`/announcements/delete/${announcement._id}`) Supprimer l'annonce
+ if user && user.isAgent
+ a.btn.btn-primary(href=`/announcements/update/${announcement._id}`) Modifier l'annonce
+ a.btn.btn-danger(href=`/announcements/delete/${announcement._id}`) Supprimer l'annonce
+ a.btn.btn-secondary(href="/announcements") Annuler
+
diff --git a/views/update_announcement.pug b/views/update_announcement.pug
index bf9e8aa..e5c34bb 100644
--- a/views/update_announcement.pug
+++ b/views/update_announcement.pug
@@ -46,4 +46,4 @@ block content
 input#photos.form-control(type="file", name="photos", accept="image/*", multiple)
 button.btn.btn-primary(type="submit") Modifier l'annonce
- a.btn.btn-secondary(href="/announcements") Annuler
+ a.btn.btn-secondary(href=`/announcements/${announcement._id}`) Annuler
--
GitLab
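Review bot: `isAgentAddAnnouncements` never denies: for a non-agent it queues a flash message and then still calls `next()`, so every route that uses it has to remember to read the flash and stop, and the name promises a guarantee the function does not give. It would be safer to end the request in the middleware — replace its final `return next();` with `return res.render('register', { error: 'Vous n\'êtes pas autorisé à effectuer cette action. Créez un compte agent pour publier des annonces.' });` or a redirect — mirroring `isAgent` just below, which does deny. `isAgent` itself answers JSON to what are browser navigations (the routes it guards render views), so a non-agent following a link lands on a raw `{ message: ... }` body; a rendered error page or a redirect would be more consistent with the rest of the app. A short comment above each middleware stating whether it blocks or only annotates the request would prevent the two from being confused.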