37df062f3b
Some checks are pending
Docker Test / test (push) Waiting to run
This commit implements the role-based access control system as outlined in the project documentation. It includes: - A requireRole middleware for protecting routes - Auth routes for registration, login, profile management - Audit logging for sensitive actions - Role management endpoints - Updated app.js to include audit logging middleware
41 lines
No EOL
1.2 KiB
JavaScript
41 lines
No EOL
1.2 KiB
JavaScript
// routes/roles.js
|
|
const express = require('express');
|
|
const router = express.Router();
|
|
const requireRole = require('../middleware/requireRole');
|
|
|
|
// Mock roles database (in real app, this would be a real DB)
|
|
const roles = [
|
|
{ id: 1, name: 'user', description: 'Standard user role' },
|
|
{ id: 2, name: 'moderator', description: 'Moderation role' },
|
|
{ id: 3, name: 'admin', description: 'Administrator role' }
|
|
];
|
|
|
|
// Get all roles (requires admin)
|
|
router.get('/', requireRole(['admin']), (req, res) => {
|
|
res.json(roles);
|
|
});
|
|
|
|
// Get role by ID (requires admin)
|
|
router.get('/:id', requireRole(['admin']), (req, res) => {
|
|
const role = roles.find(r => r.id === parseInt(req.params.id));
|
|
if (!role) {
|
|
return res.status(404).json({ error: 'Role not found' });
|
|
}
|
|
res.json(role);
|
|
});
|
|
|
|
// Update role permissions (requires admin)
|
|
router.put('/:id', requireRole(['admin']), (req, res) => {
|
|
const roleIndex = roles.findIndex(r => r.id === parseInt(req.params.id));
|
|
if (roleIndex === -1) {
|
|
return res.status(404).json({ error: 'Role not found' });
|
|
}
|
|
|
|
const { name, description } = req.body;
|
|
if (name) roles[roleIndex].name = name;
|
|
if (description) roles[roleIndex].description = description;
|
|
|
|
res.json(roles[roleIndex]);
|
|
});
|
|
|
|
module.exports = router; |