Merge pull request #73 from kohkaixun/master

Rectify admin view
CS3219-AY2324S1 · Nov 10, 2023 · db405cb · db405cb
2 parents 337c910 + 5b1b2e3
commit db405cb
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 3 deletions.
diff --git a/backend/question-backend/routes/categoryRouter.js b/backend/question-backend/routes/categoryRouter.js
@@ -10,7 +10,7 @@ import { updateCategory } from "../controller/updateCategory.js";
 
 const router = express.Router();
 
-router.get("/", [checkLogin], getCategories);
+router.get("/", getCategories);
 router.post("/", [checkLogin, checkAdmin], addCategory);
 router.put("/:oldName", [checkLogin, checkAdmin], updateCategory);
 router.delete("/:name", [checkLogin, checkAdmin], deleteCategory);

diff --git a/backend/user_profile_backend/middleware/validateAdmin.js b/backend/user_profile_backend/middleware/validateAdmin.js
@@ -0,0 +1,25 @@
+const axios = require('axios')
+const { verifyJsonWebToken } = require('./tokenUtils')
+const USER_HOST = process.env.USER_HOST ? process.env.USER_HOST : "http://localhost:4000/api/users"
+
+
+async function validateAdmin (request, response, next) {
+    const token = request.headers.authorization
+    console.log(token)
+    try {
+        const is_admin = verifyJsonWebToken(token).user_data.is_admin
+        if (!is_admin) {
+            return response.status(401).json({ error: 'Unauthorised access. User not admin.' })
+        }
+    } catch (error) {
+        console.log("error")
+        console.log(error.message)
+        return response.status(401).json({ error: 'Unauthorised' })
+    }
+
+    next()
+}
+
+module.exports = {
+    validateAdmin
+}
diff --git a/backend/user_profile_backend/routes/user-profile-router.js b/backend/user_profile_backend/routes/user-profile-router.js
@@ -2,6 +2,7 @@ const express = require('express')
 
 const bodyParser = require('body-parser')
 const { validateUser } = require('../middleware/validateUser')
+const { validateAdmin } = require('../middleware/validateAdmin')
 
 const getUserById = require('../controller/getUser').getUserById
 const getUserByName = require('../controller/getUser').getUserByName
@@ -32,6 +33,6 @@ router.get('/userByName', [validateUser], getUserByName)
 router.put('/updateUser', [validateUser], updateUserInfo)
 router.delete('/deleteUser', [validateUser], deleteUserByUserID)
 router.get('/checkUserAdmin', [validateUser], checkUSerAdmin)
-router.put('/setUserAdmin', [validateUser], setUserAdmin)
+router.put('/setUserAdmin', [validateUser, validateAdmin], setUserAdmin)
 
 module.exports = router
diff --git a/frontend/src/pages/AdminView.js b/frontend/src/pages/AdminView.js
@@ -43,7 +43,7 @@ export default function AdminView () {
         // Make a PUT request to set the user as admin
         const token = getAuthCookie()
 
-        axios.put(`${USER_HOST}/setUserAdmin?username=${username}`, {
+        axios.put(`${USER_HOST}/setUserAdmin?username=${username}`, {}, {
             headers: {
                 'Authorization': token
             }