diff --git a/controllers/mapelController.js b/controllers/mapelController.js index 9a37165..1201c28 100644 --- a/controllers/mapelController.js +++ b/controllers/mapelController.js @@ -1,19 +1,37 @@ "use strict" -const {Mapel,Score} = require("../models"); +const {Mapel,Score,Student} = require("../models"); const mapelController= { getMapel: async(req,res,next)=>{ try { - let mapel = await Mapel.findAll(); - res.status(200).json({ - message: 'Success', - mapel - }) + const currentUser = req.currentUser; + if(currentUser.role === "admin"){ + let mapel = await Mapel.findAll(); + if(mapel.length){ + + res.status(200).json({ + message: 'Success', + mapel, + currentUser + }) + }else{ + res.status(404).json({ + msg : "Data is Empty" + }) + } + } + + if(currentUser.role === "teacher"){ + let mapel = await Mapel.findAll(); + res.status(200).json({ + message: 'Success', + mapel, + currentUser + }) + } } catch (error) { - res.status(500).json({ - error - }) + next({code:500,message:error.message}) } }, getDetail: async(req,res,next)=>{ @@ -39,16 +57,26 @@ const mapelController= { }, addMapel: async(req,res,next)=>{ try { - let {nama_mapel} = req.body; - - let data = await Mapel.create({nama_mapel}); + const currentUser = req.currentUser + console.log(currentUser.role) - - res.status(201).json({ - status: 'success', - data - }) - + let {nama_mapel} = req.body; + + if(currentUser.role === "admin"){ + + + let data = await Mapel.create({nama_mapel}); + + + res.status(201).json({ + status: 'success', + data + }) + }else{ + res.status(401).json({ + message:"User Access Denied" + }) + } } catch (err) { next({code: 500, message: err.message || 'Internal Server Error'}) 
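Review bot: Both success responses in getMapel now echo `currentUser` back to the client, and studentController reads `currentUser.dataValues`, so this is a full Sequelize user instance whose loaded columns all get serialized. If the user model carries a password hash or another credential field (not visible here), it would be exposed on every list call. Return only what the client needs, e.g. `currentUser: { role: currentUser.role }`, or drop the field. The admin and teacher branches also send no response for any other role, so the handler relies entirely on the route middleware to avoid a hanging request.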
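Review bot: The denial branch in addMapel answers with 401, which signals missing or invalid credentials; a caller who is authenticated but lacks the role should get 403, i.e. `res.status(403).json({ message: "User Access Denied" })`. The same applies to the 401 branches added to patchMapel and deleteMapel in the next hunk. `console.log(currentUser.role)` looks like leftover debugging and should be removed. `nama_mapel` is also passed to `Mapel.create` without a check that it is a non-empty string. addMapel's catch block continues outside the hunk.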
@@ -56,43 +84,62 @@ const mapelController= { }, patchMapel: async(req,res,next)=>{ try { - let {nama_mapel} = req.body; - - let data = await Score.findOne({ - where: { - id: req.params.id + const currentUser = req.currentUser + console.log(currentUser.role) + if (currentUser.role === "admin") { + + let {nama_mapel} = req.body; + + let data = await Score.findOne({ + where: { + id: req.params.id + } + }); + + if (!data) { + return next({code: 400, message: 'Not Found, try with another id'}) } - }); - - if (!data) { - return next({code: 400, message: 'Not Found, try with another id'}) + + data.nama_mapel=nama_mapel + + await data.save(); + + res.status(200).json({ + status: 'success', + data + }) + console.log(data.toJSON()) + }else{ + res.status(401).json({ + message:"access denied" + }) } - data.nama_mapel=nama_mapel - - await data.save(); - - res.status(200).json({ - status: 'success', - data - }) - - console.log(data.toJSON()) } catch(err) { next({code: 500, message: err.message || 'Internal Server Error'}) } }, deleteMapel: async(req,res,next)=>{ try { - const data = await Mapel.findOne({where: {id: req.params.id}}); - - if (!data) { - return next({code: 400, message: 'Not Found, please try with another id'}) + const currentUser = req.currentUser + console.log(currentUser.role) + if (currentUser.role === "admin") { + + const data = await Mapel.findOne({where: {id: req.params.id}}); + + if (!data) { + return next({code: 400, message: 'Not Found, please try with another id'}) + } + + await data.destroy(); + + res.sendStatus(204) + } + else{ + res.status(401).json({ + message: "Access Denied" + }) } - - await data.destroy(); - - res.sendStatus(204) } catch(err) { next({code: 500, message: err.message || 'Internal Server Error'}) } diff --git a/controllers/scoreController.js b/controllers/scoreController.js index b3ba4b6..deb4723 100644 --- a/controllers/scoreController.js +++ b/controllers/scoreController.js 
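Review bot: patchMapel still loads the row with `Score.findOne` and then sets `data.nama_mapel` on it, so the handler edits a score record selected by the mapel id rather than the subject itself. The lookup should be `let data = await Mapel.findOne({ where: { id: req.params.id } });`. The commit moves these lines under the admin check without correcting the model. A missing row is also reported with code 400 in both patchMapel and deleteMapel, where 404 would match the "Not Found" message.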
@@ -5,11 +5,29 @@ const {Score,Mapel,Student} = require("../models"); const scoreController= { getScore: async(req,res,next)=>{ try { - let score = await Score.findAll(); - res.status(200).json({ - message: 'Success', - score - }) + const currentUser = req.currentUser + if (currentUser.role === "admin") { + + let score = await Score.findAll({include:Mapel}); + if (!score) { + return next({code:404,message:"Data Not Found"}) + } + res.status(200).json({ + message: 'Success', + score + }) + } + + if (currentUser.role === "teacher") { + let score = await Score.findAll({include:Mapel}); + if (!score) { + return next({code:404,message:"Data Not Found"}) + } + res.status(200).json({ + message: 'Success', + score + }) + } } catch (error) { res.status(500).json({ error @@ -19,23 +37,28 @@ const scoreController= { addScore: async(req,res,next)=>{ try { let {studentId,MapelId,grade} = req.body; + const currentUser = req.currentUser + if (currentUser.role === "admin") { + + // let student_name = await Student.findByPk(studentId); + // let Mapel_name = await Mapel.findByPk(MapelId) + + + + // console.log(student_name.toJSON(),Mapel_name.toJSON()); + // let result = await student_name.addMapel(Mapel_name) + let result = { + studentId : studentId, + MapelId : MapelId, + grade : grade + } + + let score = await Score.create(result) + res.status(201).json({ + status: score + }) + } - let student_name = await Student.findByPk(studentId); - let Mapel_name = await Mapel.findByPk(MapelId) - - - // console.log(student_name.toJSON(),Mapel_name.toJSON()); - let result = await student_name.addMapel(Mapel_name,{through : {grade : grade}}) - // let result = { - // studentId : studentId, - // MapelId : MapelId, - // grade : grade - // } - - // let score = await Score.create(result) - res.status(201).json({ - status: result - }) } catch (err) { next({code: 500, message: err.message || 'Internal Server Error'}) 
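Review bot: The teacher branch of getScore runs the same unfiltered `Score.findAll({include:Mapel})` as the admin branch, so a teacher receives every score in the system, whereas studentController limits a teacher to `ClassId : currentUser.dataValues.Class.dataValues.id`. If teachers are meant to see only their own class, the query needs a comparable filter through the student relation (the association that would need is not visible in this hunk). The `if (!score)` guard never fires because `findAll` resolves to an array; test `score.length` instead. The catch block, left unchanged here, still sends the raw `error` object to the client rather than calling `next` as the other handlers do.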
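Review bot: addScore now writes `studentId`, `MapelId` and `grade` from `req.body` straight into `Score.create`, and the `findByPk` lookups that used to touch the student and the subject are commented out. Nothing in the handler checks that the ids refer to existing rows or that `grade` is a number in the allowed range. Unless the model or the database enforces this (not visible here), validate the three fields and answer 400 on bad input before creating the row. The `if (currentUser.role === "admin")` block has no `else`, so a request that reached the handler with another role would get no response; add `else { res.status(403).json({ message: "Access Denied" }) }`. The handler's catch block continues outside the hunk.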
@@ -44,29 +67,59 @@ const scoreController= { }, getDetail: async(req,res,next)=>{ try { - const data = await Score.findOne({ - where: { - id: req.params.id - }, - include: Mapel - }) + const currentUser = req.currentUser + if (currentUser.role === "admin") { + + const data = await Score.findOne({ + where: { + id: req.params.id + }, + include: Mapel + }) + + let student_name = await Student.findByPk(studentId); + let Mapel_name = await Mapel.findByPk(MapelId) - let student_name = await Student.findByPk(studentId); - let Mapel_name = await Mapel.findByPk(MapelId) - - - // console.log(student_name.toJSON(),Mapel_name.toJSON()); - let result = await student_name.addMapel(Mapel_name) - // let result = { - // studentId : studentId, - // MapelId : MapelId, - // grade : grade - // } + + // console.log(student_name.toJSON(),Mapel_name.toJSON()); + let result = await student_name.addMapel(Mapel_name) + // let result = { + // studentId : studentId, + // MapelId : MapelId, + // grade : grade + // } + + // let score = await Score.create(result) + res.status(201).json({ + status: result + }) + } - // let score = await Score.create(result) - res.status(201).json({ - status: result - }) + if (currentUser.role==="teacher") { + const data = await Score.findOne({ + where: { + id: req.params.id + }, + include: Mapel + }) + + let student_name = await Student.findByPk(studentId); + let Mapel_name = await Mapel.findByPk(MapelId) + + + // console.log(student_name.toJSON(),Mapel_name.toJSON()); + let result = await student_name.addMapel(Mapel_name) + // let result = { + // studentId : studentId, + // MapelId : MapelId, + // grade : grade + // } + + // let score = await Score.create(result) + res.status(201).json({ + status: result + }) + } } catch (err) { next({code: 500, message: err.message || 'Internal Server Error'}) 
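Review bot: Both role branches of getDetail read `studentId` and `MapelId`, which are never declared in this handler, so the `findByPk` calls throw a ReferenceError and every request ends in the 500 path; the `data` row that was looked up is never returned. The body appears to be copied from addScore: it calls `student_name.addMapel(Mapel_name)`, a write, from a GET route and answers 201. The two branches are identical and the route already restricts access to admin and teacher, so a single lookup that returns `data`, with 404 when it is missing, is enough. Whether a teacher should be limited to scores of their own class is not settled by anything in this hunk and should be decided before this ships.

```javascript
getDetail: async(req,res,next)=>{
    try {
        const data = await Score.findOne({
            where: {
                id: req.params.id
            },
            include: Mapel
        })

        if (!data) {
            return next({code: 404, message: 'Not Found, try another id'})
        }

        res.status(200).json({
            status: 'success',
            data
        })
    // … unchanged: catch block forwarding to next() …
```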
@@ -75,45 +128,55 @@ const scoreController= { }, patchScore: async(req,res,next)=>{ try { - let {studentId,MapelId,grade} = req.body; - - let data = await Score.findOne({ - where: { - id: req.params.id + const currentUser = req.currentUser + if (currentUser.role==="admin") { + + let {studentId,MapelId,grade} = req.body; + + let data = await Score.findOne({ + where: { + id: req.params.id + } + }); + + if (!data) { + return next({code: 400, message: 'Not Found, try another id'}) } - }); - - if (!data) { - return next({code: 400, message: 'Not Found, try another id'}) + + data.studentId=studentId, + data.MapelId = MapelId, + data.grade = grade + + await data.save(); + + res.status(200).json({ + status: 'success', + data + }) + + console.log(data.toJSON()) } - - data.studentId=studentId, - data.MapelId = MapelId, - data.grade = grade - - await data.save(); - - res.status(200).json({ - status: 'success', - data - }) - - console.log(data.toJSON()) } catch(err) { next({code: 500, message: err.message || 'Internal Server Error'}) } }, deleteScore: async(req,res,next)=>{ try { - const data = await Score.findOne({where: {id: req.params.id}}); - - if (!data) { - return next({code: 400, message: 'Not Found, please try another id'}) + const currentUser = req.currentUser + if (currentUser.role === "admin") { + + const data = await Score.findOne({where: {id: req.params.id}}); + + if (!data) { + return next({code: 400, message: 'Not Found, please try another id'}) + } + + await data.destroy(); + + res.sendStatus(200).json({ + message:"berhasi hapus data" + }) } - - await data.destroy(); - - res.sendStatus(204) } catch(err) { next({code: 500, message: err.message || 'Internal Server Error'}) } diff --git a/controllers/studentController.js b/controllers/studentController.js index 41f5bd7..08976c0 100644 --- a/controllers/studentController.js +++ b/controllers/studentController.js 
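Review bot: deleteScore now ends with `res.sendStatus(200).json({...})`, but `sendStatus` already sends the response, so the chained `.json()` runs on a finished response. In Express that should raise a headers-already-sent error, which lands in the catch block and calls `next` after the client has been answered. Use `res.status(200).json({ message: "berhasi hapus data" })`, or keep the previous `res.sendStatus(204)`. Neither patchScore nor deleteScore has an `else` for a non-admin role, so such a request would get no reply if it ever passed the route middleware. In patchScore the assignments are joined with commas (`data.studentId=studentId,`), which only works through the comma operator; they should be separate statements.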
@@ -1,6 +1,6 @@ "use strict" -const {Student,Class,Mapel} = require("../models"); +const {Student,Class,Mapel,Score} = require("../models"); const studentController = { @@ -8,7 +8,7 @@ const studentController = { try { const currentUser = req.currentUser; if (currentUser.role === "admin"){ - let student = await Student.findAll({include : [Class,Mapel]}); + let student = await Student.findAll({include : [Class,Mapel,Score]}); if (student.length){ res.status(200).json({ msg: "Success Get All Data of Student", @@ -25,7 +25,7 @@ const studentController = { // console.log(currentUser.dataValues) let student = await Student.findAll({where : { ClassId : currentUser.dataValues.Class.dataValues.id - },include : [Class,Mapel]}); + },include : [Class,Mapel,Score]}); if (student.length){ res.status(200).json({ msg: "Success Get All Data of Student", diff --git a/models/mapel.js b/models/mapel.js index 96fe166..c604ead 100644 --- a/models/mapel.js +++ b/models/mapel.js @@ -15,7 +15,9 @@ module.exports = (sequelize, DataTypes) => { // Mapel.hasMany(models.Score, { // foreignKey: 'MapelId' // }); - this.belongsToMany(models.Student,{through:"Scores"}) + // this.belongsToMany(models.mapel,{through:"Scores"}) + + this.belongsToMany(models.Student,{through:"Scores",foreignKey:"MapelId",otherKey:"studentId"}) } }; Mapel.init({ diff --git a/models/score.js b/models/score.js index 3fcde53..0b56a32 100644 --- a/models/score.js +++ b/models/score.js @@ -17,6 +17,11 @@ module.exports = (sequelize, DataTypes) => { // this.belongsToMany(models.Student,{through:"studentId"}) // this.belongsToMany(models.Student,{through : "Scores",sourceKey : "studentId"}) // this.belongsToMany(models.Mapel,{through : "Scores",sourceKey: "MapelId"}) + + Score.hasMany(models.Mapel, { + foreignKey: 'id' + }) + this.belongsToMany(models.Student,{through:"Scores",foreignKey:"id"}) } }; Score.init({ diff --git a/models/student.js b/models/student.js index 70d824e..eddd8c5 100644 --- a/models/student.js 
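Review bot: The associations added to Score use the primary key as the foreign key: `Score.hasMany(models.Mapel, { foreignKey: 'id' })` and `belongsToMany(models.Student,{through:"Scores",foreignKey:"id"})` both join on `id`, and the second names Score's own table as its through table. The models/student.js hunk does the same with `belongsTo(models.Score,{foreignKey:"id"})`, which would match a student to whichever score row shares its id, so the `include : [Class,Mapel,Score]` added in studentController can attach another student's grade. Given the `studentId` and `MapelId` columns used in scoreController, the intended shape looks like `Score.belongsTo(models.Student, { foreignKey: "studentId" })`, `Score.belongsTo(models.Mapel, { foreignKey: "MapelId" })` and `Student.hasMany(models.Score, { foreignKey: "studentId" })`. The current keys also disagree with the `foreignKey:"MapelId",otherKey:"studentId"` form this commit uses in models/mapel.js.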
+++ b/models/student.js @@ -12,7 +12,9 @@ module.exports = (sequelize, DataTypes) => { static associate(models) { // define association here this.belongsTo(models.Class,{foreignKey:"ClassId"}) - this.belongsToMany(models.Mapel,{through:"Scores"}) + this.belongsToMany(models.Mapel,{through:"Scores",foreignKey:"id"}) + // this.belongsToMany(models.Score,{through:"Scores"}) + this.belongsTo(models.Score,{foreignKey:"id"}) } }; Student.init({ diff --git a/routers/mapel.js b/routers/mapel.js index dd1c29d..51e3af2 100644 --- a/routers/mapel.js +++ b/routers/mapel.js @@ -1,12 +1,14 @@ "use strict"; const mapelController = require("../controllers/mapelController"); +const authentication = require("../middlewares/authentication"); +const authorization = require("../middlewares/authorization"); const mapelRouter = require("express").Router(); -mapelRouter.get("/mapels", mapelController.getMapel); -mapelRouter.get("/mapels/:id", mapelController.getDetail) -mapelRouter.post("/mapels", mapelController.addMapel); -mapelRouter.patch("/mapels/:id", mapelController.patchMapel); -mapelRouter.delete("/mapels/:id", mapelController.deleteMapel); +mapelRouter.get("/mapels",authentication,authorization(["admin","teacher"]), mapelController.getMapel); +mapelRouter.get("/mapels/:id",authentication,authorization(["admin","teacher"]), mapelController.getDetail) +mapelRouter.post("/mapels",authentication,authorization(["admin"]), mapelController.addMapel); +mapelRouter.patch("/mapels/:id",authentication,authorization(["admin"]), mapelController.patchMapel); +mapelRouter.delete("/mapels/:id",authentication,authorization(["admin"]), mapelController.deleteMapel); module.exports = mapelRouter; \ No newline at end of file diff --git a/routers/score.js b/routers/score.js index 5ff10c3..9893034 100644 --- a/routers/score.js +++ b/routers/score.js 
@@ -1,12 +1,13 @@ "use strict"; - +const authentication = require("../middlewares/authentication") +const authorization = require("../middlewares/authorization") const scoreController = require("../controllers/scoreController"); const scoreRouter = require("express").Router(); -scoreRouter.get("/scores", scoreController.getScore); -scoreRouter.get("/scores/:id", scoreController.getDetail) -scoreRouter.post("/scores", scoreController.addScore); -scoreRouter.patch("/scores/:id", scoreController.patchScore); -scoreRouter.delete("/scores/:id", scoreController.deleteScore); +scoreRouter.get("/scores",authentication,authorization(["admin","teacher"]), scoreController.getScore); +scoreRouter.get("/scores/:id",authentication,authorization(["admin","teacher"]), scoreController.getDetail) +scoreRouter.post("/scores",authentication,authorization(["admin"]), scoreController.addScore); +scoreRouter.patch("/scores/:id",authentication,authorization(["admin"]), scoreController.patchScore); +scoreRouter.delete("/scores/:id",authentication,authorization(["admin"]), scoreController.deleteScore); module.exports = scoreRouter; \ No newline at end of file