From 1fad143751a52bf7b50392a285cf80863f0dcc5b Mon Sep 17 00:00:00 2001 From: wirahadi007 Date: Sat, 2 Oct 2021 13:50:57 +0800 Subject: [PATCH 1/5] configure role on mapel --- controllers/mapelController.js | 127 ++++++++++++++++++++----------- controllers/scoreController.js | 23 +++--- controllers/studentController.js | 2 +- models/mapel.js | 2 + models/score.js | 5 ++ models/student.js | 1 + 6 files changed, 105 insertions(+), 55 deletions(-) diff --git a/controllers/mapelController.js b/controllers/mapelController.js index 9a37165..da394fd 100644 --- a/controllers/mapelController.js +++ b/controllers/mapelController.js @@ -1,17 +1,32 @@ "use strict" -const {Mapel,Score} = require("../models"); +const {Mapel,Score,Student} = require("../models"); const mapelController= { getMapel: async(req,res,next)=>{ try { - let mapel = await Mapel.findAll(); - res.status(200).json({ - message: 'Success', - mapel - }) + const currentUser = req.currentUser + console.log(currentUser.role) + if(currentUser.role === "admin"){ + let mapel = await Mapel.findAll({include:[Score]}); + res.status(200).json({ + message: 'Success', + mapel, + currentUser + }) + } + + if(currentUser.role === "teacher"){ + let mapel = await Mapel.findAll({include:[Score]}); + res.status(200).json({ + message: 'Success', + mapel, + currentUser + }) + } } catch (error) { res.status(500).json({ + message:"unatuhorization", error }) } 
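Review bot: Both success branches of `getMapel` put the whole `req.currentUser` object into the response body; if that is the user record loaded by the authentication middleware (not visible in this patch), every column on it, possibly including a password hash, is serialized to the client. Return only what the client needs, e.g. `role: currentUser.role`, or drop the field; the same echo is still present in the `getMapel` hunk of PATCH 3/5. The handler also sends nothing when the role is neither `admin` nor `teacher`, so that request stays open until it times out; finish with `else { return res.status(403).json({message: "Access Denied"}) }`. The catch block returns the raw `error` object to the client, which PATCH 3/5 later replaces with `next(...)`.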
@@ -39,16 +54,24 @@ const mapelController= { }, addMapel: async(req,res,next)=>{ try { - let {nama_mapel} = req.body; - - let data = await Mapel.create({nama_mapel}); - - - res.status(201).json({ - status: 'success', - data - }) - + const currentUser = req.currentUser + console.log(currentUser.role) + if(currentUser.role === "admin"){ + + let {nama_mapel} = req.body; + + let data = await Mapel.create({nama_mapel}); + + + res.status(201).json({ + status: 'success', + data + }) + }else{ + res.status(401).json({ + message:"User Access Denied" + }) + } } catch (err) { next({code: 500, message: err.message || 'Internal Server Error'}) 
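Review bot: The denial branch in `addMapel` answers `401` although the caller has already been identified through `req.currentUser`; `403` is the status for an authenticated user who lacks the role, whereas `401` tells clients to re-authenticate. The same applies to the `else` branches of `patchMapel` and `deleteMapel` in the next hunk, and the three denial messages differ ("User Access Denied", "access denied", "Access Denied") where one shared message would do. `console.log(currentUser.role)` looks like leftover debugging and writes a line per request, so I would remove it. If `req.currentUser` is unset on this route (the router only gains the authentication middleware in PATCH 2/5), `currentUser.role` throws and the caller gets a `500` instead of a denial.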
@@ -56,43 +79,61 @@ const mapelController= { }, patchMapel: async(req,res,next)=>{ try { - let {nama_mapel} = req.body; - - let data = await Score.findOne({ - where: { - id: req.params.id + const currentUser = req.currentUser + console.log(currentUser.role) + if (currentUser.role === "admin") { + + let {nama_mapel} = req.body; + + let data = await Score.findOne({ + where: { + id: req.params.id + } + }); + + if (!data) { + return next({code: 400, message: 'Not Found, try with another id'}) } - }); - - if (!data) { - return next({code: 400, message: 'Not Found, try with another id'}) + + data.nama_mapel=nama_mapel + + await data.save(); + + res.status(200).json({ + status: 'success', + data + }) + console.log(data.toJSON()) + }else{ + res.status(401).json({ + message:"access denied" + }) } - data.nama_mapel=nama_mapel - - await data.save(); - - res.status(200).json({ - status: 'success', - data - }) - - console.log(data.toJSON()) } catch(err) { next({code: 500, message: err.message || 'Internal Server Error'}) } }, deleteMapel: async(req,res,next)=>{ try { - const data = await Mapel.findOne({where: {id: req.params.id}}); - - if (!data) { - return next({code: 400, message: 'Not Found, please try with another id'}) + const currentUser = req.currentUser + console.log(currentUser.role) + if (currentUser.role === "admin") { + + const data = await Mapel.findOne({where: {id: req.params.id}}); + + if (!data) { + return next({code: 400, message: 'Not Found, please try with another id'}) + } + + await data.destroy(); + + res.sendStatus(204) + }else{ + res.status(401).json({ + message: "Access Denied" + }) } - - await data.destroy(); - - res.sendStatus(204) } catch(err) { next({code: 500, message: err.message || 'Internal Server Error'}) } diff --git a/controllers/scoreController.js b/controllers/scoreController.js index b3ba4b6..b62e4e4 100644 --- a/controllers/scoreController.js +++ b/controllers/scoreController.js 
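Review bot: `patchMapel` loads its row with `Score.findOne({ where: { id: req.params.id } })` and then sets `data.nama_mapel`, so an admin PATCH on `/mapels/:id` looks up and saves a Score row rather than the subject; it should be `Mapel.findOne(...)`, as `deleteMapel` further down in this hunk already does. `nama_mapel` comes straight from `req.body`, so a request without it assigns `undefined`; guard with `if (typeof nama_mapel !== "string" || !nama_mapel.trim()) return next({code: 400, message: 'nama_mapel is required'})`. The not-found paths pass `code: 400`, where `404` would match their message. The hunk starts inside `mapelController`, so how `next({code, message})` is rendered is not visible here.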
@@ -5,7 +5,7 @@ const {Score,Mapel,Student} = require("../models"); const scoreController= { getScore: async(req,res,next)=>{ try { - let score = await Score.findAll(); + let score = await Score.findAll({include:Mapel}); res.status(200).json({ message: 'Success', score @@ -20,21 +20,22 @@ const scoreController= { try { let {studentId,MapelId,grade} = req.body; - let student_name = await Student.findByPk(studentId); - let Mapel_name = await Mapel.findByPk(MapelId) + // let student_name = await Student.findByPk(studentId); + // let Mapel_name = await Mapel.findByPk(MapelId) + // console.log(student_name.toJSON(),Mapel_name.toJSON()); - let result = await student_name.addMapel(Mapel_name,{through : {grade : grade}}) - // let result = { - // studentId : studentId, - // MapelId : MapelId, - // grade : grade - // } + // let result = await student_name.addMapel(Mapel_name) + let result = { + studentId : studentId, + MapelId : MapelId, + grade : grade + } - // let score = await Score.create(result) + let score = await Score.create(result) res.status(201).json({ - status: result + status: score }) } catch (err) { diff --git a/controllers/studentController.js b/controllers/studentController.js index 41f5bd7..6cd14dd 100644 --- a/controllers/studentController.js +++ b/controllers/studentController.js @@ -1,6 +1,6 @@ "use strict" -const {Student,Class,Mapel} = require("../models"); +const {Student,Class,Mapel,Score} = require("../models"); const studentController = { diff --git a/models/mapel.js b/models/mapel.js index 96fe166..9a3ce5c 100644 --- a/models/mapel.js +++ b/models/mapel.js @@ -15,6 +15,8 @@ module.exports = (sequelize, DataTypes) => { // Mapel.hasMany(models.Score, { // foreignKey: 'MapelId' // }); + // this.belongsToMany(models.mapel,{through:"Scores"}) + this.belongsToMany(models.Student,{through:"Scores"}) } }; diff --git a/models/score.js b/models/score.js index 3fcde53..f1d4571 100644 --- a/models/score.js +++ b/models/score.js 
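Review bot: With the `findByPk` lookups commented out in `addScore`, `Score.create(result)` stores whatever `studentId`, `MapelId` and `grade` arrive in `req.body`; unless the Score model or the database enforces foreign keys and a grade range (not visible in this patch), this accepts rows for students or subjects that do not exist and arbitrary grade values. I would keep the existence checks, `if (!(await Student.findByPk(studentId)) || !(await Mapel.findByPk(MapelId))) return next({code: 404, message: 'Student or Mapel not found'})`, and validate `grade` before the insert. The commented-out alternatives are better deleted than carried along in the handler. The response key `status` now holds the created row, which reads oddly next to `status: 'success'` in the other handlers.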
@@ -17,6 +17,11 @@ module.exports = (sequelize, DataTypes) => { // this.belongsToMany(models.Student,{through:"studentId"}) // this.belongsToMany(models.Student,{through : "Scores",sourceKey : "studentId"}) // this.belongsToMany(models.Mapel,{through : "Scores",sourceKey: "MapelId"}) + + Score.hasMany(models.Mapel, { + foreignKey: 'id' + }) + this.belongsToMany(models.Student,{through:"Scores"}) } }; Score.init({ diff --git a/models/student.js b/models/student.js index 70d824e..9dc8fdf 100644 --- a/models/student.js +++ b/models/student.js @@ -13,6 +13,7 @@ module.exports = (sequelize, DataTypes) => { // define association here this.belongsTo(models.Class,{foreignKey:"ClassId"}) this.belongsToMany(models.Mapel,{through:"Scores"}) + this.belongsTo(models.Score,{foreignKey:"id"}) } }; Student.init({ From 0af859d3b4fb58cad9be7b1f78621ff2af9b873a Mon Sep 17 00:00:00 2001 From: wirahadi007 Date: Sat, 2 Oct 2021 13:55:03 +0800 Subject: [PATCH 2/5] fix typo --- routers/mapel.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/routers/mapel.js b/routers/mapel.js index dd1c29d..51e3af2 100644 --- a/routers/mapel.js +++ b/routers/mapel.js 
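Review bot: The new associations use the primary key as the foreign key: `Score.hasMany(models.Mapel, { foreignKey: 'id' })` here and `this.belongsTo(models.Score,{foreignKey:"id"})` in the models/student.js hunk that follows. As far as I can tell Sequelize will then join on `id = id`, so an `include` pairs a student or subject with whichever score row happens to share its id, which in a grade system means one student's grade can be shown under another. `addScore` writes `studentId` and `MapelId` on each score, so the relation runs the other way: `Score.belongsTo(models.Mapel, { foreignKey: 'MapelId' })` and `Score.belongsTo(models.Student, { foreignKey: 'studentId' })`, with `hasMany(models.Score, ...)` on Student and Mapel. `this.belongsToMany(models.Student,{through:"Scores"})` on Score itself uses Score's own table as the join table and can probably be dropped.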
@@ -1,12 +1,14 @@ "use strict"; const mapelController = require("../controllers/mapelController"); +const authentication = require("../middlewares/authentication"); +const authorization = require("../middlewares/authorization"); const mapelRouter = require("express").Router(); -mapelRouter.get("/mapels", mapelController.getMapel); -mapelRouter.get("/mapels/:id", mapelController.getDetail) -mapelRouter.post("/mapels", mapelController.addMapel); -mapelRouter.patch("/mapels/:id", mapelController.patchMapel); -mapelRouter.delete("/mapels/:id", mapelController.deleteMapel); +mapelRouter.get("/mapels",authentication,authorization(["admin","teacher"]), mapelController.getMapel); +mapelRouter.get("/mapels/:id",authentication,authorization(["admin","teacher"]), mapelController.getDetail) +mapelRouter.post("/mapels",authentication,authorization(["admin"]), mapelController.addMapel); +mapelRouter.patch("/mapels/:id",authentication,authorization(["admin"]), mapelController.patchMapel); +mapelRouter.delete("/mapels/:id",authentication,authorization(["admin"]), mapelController.deleteMapel); module.exports = mapelRouter; \ No newline at end of file From 7e4d154db2e1009a8b66c80c9649c147b8b7e068 Mon Sep 17 00:00:00 2001 From: wirahadi007 Date: Sat, 2 Oct 2021 15:20:57 +0800 Subject: [PATCH 3/5] done mapel role config --- controllers/mapelController.js | 36 ++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/controllers/mapelController.js b/controllers/mapelController.js index da394fd..1201c28 100644 --- a/controllers/mapelController.js +++ b/controllers/mapelController.js 
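Review bot: The role lists added here (`authorization(["admin","teacher"])`, `authorization(["admin"])`) duplicate the `currentUser.role === ...` checks that PATCH 1/5 put inside `mapelController`, so the access policy now has two sources that can drift apart; I would keep the router as the single gate and drop the controller branches, or add a comment saying which one is authoritative. `authentication` is repeated on all five routes; `mapelRouter.use("/mapels", authentication)` once above them means a route added later cannot be left unauthenticated by omission. The commit subject says "fix typo" although this is the change that puts the mapel routes behind authentication, which makes it hard to find in history. routers/score.js in PATCH 4/5 follows the same layout.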
@@ -5,19 +5,25 @@ const {Mapel,Score,Student} = require("../models"); const mapelController= { getMapel: async(req,res,next)=>{ try { - const currentUser = req.currentUser - console.log(currentUser.role) + const currentUser = req.currentUser; if(currentUser.role === "admin"){ - let mapel = await Mapel.findAll({include:[Score]}); - res.status(200).json({ - message: 'Success', - mapel, - currentUser - }) + let mapel = await Mapel.findAll(); + if(mapel.length){ + + res.status(200).json({ + message: 'Success', + mapel, + currentUser + }) + }else{ + res.status(404).json({ + msg : "Data is Empty" + }) + } } if(currentUser.role === "teacher"){ - let mapel = await Mapel.findAll({include:[Score]}); + let mapel = await Mapel.findAll(); res.status(200).json({ message: 'Success', mapel, @@ -25,10 +31,7 @@ const mapelController= { }) } } catch (error) { - res.status(500).json({ - message:"unatuhorization", - error - }) + next({code:500,message:error.message}) } }, getDetail: async(req,res,next)=>{ @@ -56,9 +59,11 @@ const mapelController= { try { const currentUser = req.currentUser console.log(currentUser.role) + + let {nama_mapel} = req.body; + if(currentUser.role === "admin"){ - let {nama_mapel} = req.body; let data = await Mapel.create({nama_mapel}); @@ -129,7 +134,8 @@ const mapelController= { await data.destroy(); res.sendStatus(204) - }else{ + } + else{ res.status(401).json({ message: "Access Denied" }) From 02922e987106cf0022843c53ec5cdd0a01e3d5b3 Mon Sep 17 00:00:00 2001 From: wirahadi007 Date: Sat, 2 Oct 2021 15:37:49 +0800 Subject: [PATCH 4/5] config role score --- controllers/scoreController.js | 206 +++++++++++++++++++++------------ routers/score.js | 13 ++- 2 files changed, 141 insertions(+), 78 deletions(-) diff --git a/controllers/scoreController.js b/controllers/scoreController.js index b62e4e4..deb4723 100644 --- a/controllers/scoreController.js +++ b/controllers/scoreController.js 
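Review bot: The admin branch of `getMapel` now answers `404` with `msg : "Data is Empty"` when there are no rows, while the teacher branch returns `200` with an empty `mapel` array for the same state, and the two use different keys (`msg` vs `message`). Both branches run the same `Mapel.findAll()`, and the router from PATCH 2/5 already limits this route to these two roles, so a single code path that returns `200` with the (possibly empty) list would be simpler for clients. A role outside the two still gets no response from this handler.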
@@ -5,11 +5,29 @@ const {Score,Mapel,Student} = require("../models"); const scoreController= { getScore: async(req,res,next)=>{ try { - let score = await Score.findAll({include:Mapel}); - res.status(200).json({ - message: 'Success', - score - }) + const currentUser = req.currentUser + if (currentUser.role === "admin") { + + let score = await Score.findAll({include:Mapel}); + if (!score) { + return next({code:404,message:"Data Not Found"}) + } + res.status(200).json({ + message: 'Success', + score + }) + } + + if (currentUser.role === "teacher") { + let score = await Score.findAll({include:Mapel}); + if (!score) { + return next({code:404,message:"Data Not Found"}) + } + res.status(200).json({ + message: 'Success', + score + }) + } } catch (error) { res.status(500).json({ error @@ -19,24 +37,28 @@ const scoreController= { addScore: async(req,res,next)=>{ try { let {studentId,MapelId,grade} = req.body; + const currentUser = req.currentUser + if (currentUser.role === "admin") { + + // let student_name = await Student.findByPk(studentId); + // let Mapel_name = await Mapel.findByPk(MapelId) + - // let student_name = await Student.findByPk(studentId); - // let Mapel_name = await Mapel.findByPk(MapelId) - - - - // console.log(student_name.toJSON(),Mapel_name.toJSON()); - // let result = await student_name.addMapel(Mapel_name) - let result = { - studentId : studentId, - MapelId : MapelId, - grade : grade + + // console.log(student_name.toJSON(),Mapel_name.toJSON()); + // let result = await student_name.addMapel(Mapel_name) + let result = { + studentId : studentId, + MapelId : MapelId, + grade : grade + } + + let score = await Score.create(result) + res.status(201).json({ + status: score + }) } - - let score = await Score.create(result) - res.status(201).json({ - status: score - }) + } catch (err) { next({code: 500, message: err.message || 'Internal Server Error'}) 
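Review bot: `if (!score)` in `getScore` can never be true, because `Score.findAll` resolves to an array and an empty array is truthy, so the `404` path is dead code in both branches; test `score.length === 0` if an empty result should be reported. The admin and teacher branches are identical and could be one block. The unchanged catch at the end of the hunk still sends the raw `error` object with the `500`, which can expose query or schema details to the client; `next({code: 500, message: 'Internal Server Error'})` would keep that on the server side.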
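Review bot: `addScore` has no `else` after `if (currentUser.role === "admin")`, so a caller with any other role gets no response and the request stays open until it times out; `patchScore` and `deleteScore` in the later hunk of this file have the same gap. The router added in this commit restricts these routes to `admin`, so either drop the in-handler check or finish it with `else { return res.status(403).json({message: "Access Denied"}) }`. The commented-out lookups are re-indented here rather than removed.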
@@ -45,29 +67,59 @@ const scoreController= { }, getDetail: async(req,res,next)=>{ try { - const data = await Score.findOne({ - where: { - id: req.params.id - }, - include: Mapel - }) + const currentUser = req.currentUser + if (currentUser.role === "admin") { + + const data = await Score.findOne({ + where: { + id: req.params.id + }, + include: Mapel + }) + + let student_name = await Student.findByPk(studentId); + let Mapel_name = await Mapel.findByPk(MapelId) - let student_name = await Student.findByPk(studentId); - let Mapel_name = await Mapel.findByPk(MapelId) - - - // console.log(student_name.toJSON(),Mapel_name.toJSON()); - let result = await student_name.addMapel(Mapel_name) - // let result = { - // studentId : studentId, - // MapelId : MapelId, - // grade : grade - // } + + // console.log(student_name.toJSON(),Mapel_name.toJSON()); + let result = await student_name.addMapel(Mapel_name) + // let result = { + // studentId : studentId, + // MapelId : MapelId, + // grade : grade + // } + + // let score = await Score.create(result) + res.status(201).json({ + status: result + }) + } - // let score = await Score.create(result) - res.status(201).json({ - status: result - }) + if (currentUser.role==="teacher") { + const data = await Score.findOne({ + where: { + id: req.params.id + }, + include: Mapel + }) + + let student_name = await Student.findByPk(studentId); + let Mapel_name = await Mapel.findByPk(MapelId) + + + // console.log(student_name.toJSON(),Mapel_name.toJSON()); + let result = await student_name.addMapel(Mapel_name) + // let result = { + // studentId : studentId, + // MapelId : MapelId, + // grade : grade + // } + + // let score = await Score.create(result) + res.status(201).json({ + status: result + }) + } } catch (err) { next({code: 500, message: err.message || 'Internal Server Error'}) 
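Review bot: `getDetail` reads `studentId` and `MapelId`, which are not declared in this handler (nor in the visible part of the file), so both branches throw a ReferenceError right after `Score.findOne` and every request ends in the `500` path. Beyond that, the body is a copy of the old `addScore` logic: it calls `student_name.addMapel(Mapel_name)` and answers `201`, so a GET that the router opens to `teacher` would write a row, and the `data` it loaded is never returned. The admin and teacher branches are identical and the router already restricts the route to those two roles, so I would reduce the handler to the lookup, a `404` when nothing is found, and a `200` carrying `data`. The handler's closing lines are outside the hunk.

```javascript
getDetail: async(req,res,next)=>{
    try {
        const data = await Score.findOne({
            where: {
                id: req.params.id
            },
            include: Mapel
        })

        if (!data) {
            return next({code: 404, message: 'Not Found, try another id'})
        }

        res.status(200).json({
            status: 'success',
            data
        })
    // … unchanged: catch block forwarding to next() …
```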
@@ -76,45 +128,55 @@ const scoreController= { }, patchScore: async(req,res,next)=>{ try { - let {studentId,MapelId,grade} = req.body; - - let data = await Score.findOne({ - where: { - id: req.params.id + const currentUser = req.currentUser + if (currentUser.role==="admin") { + + let {studentId,MapelId,grade} = req.body; + + let data = await Score.findOne({ + where: { + id: req.params.id + } + }); + + if (!data) { + return next({code: 400, message: 'Not Found, try another id'}) } - }); - - if (!data) { - return next({code: 400, message: 'Not Found, try another id'}) + + data.studentId=studentId, + data.MapelId = MapelId, + data.grade = grade + + await data.save(); + + res.status(200).json({ + status: 'success', + data + }) + + console.log(data.toJSON()) } - - data.studentId=studentId, - data.MapelId = MapelId, - data.grade = grade - - await data.save(); - - res.status(200).json({ - status: 'success', - data - }) - - console.log(data.toJSON()) } catch(err) { next({code: 500, message: err.message || 'Internal Server Error'}) } }, deleteScore: async(req,res,next)=>{ try { - const data = await Score.findOne({where: {id: req.params.id}}); - - if (!data) { - return next({code: 400, message: 'Not Found, please try another id'}) + const currentUser = req.currentUser + if (currentUser.role === "admin") { + + const data = await Score.findOne({where: {id: req.params.id}}); + + if (!data) { + return next({code: 400, message: 'Not Found, please try another id'}) + } + + await data.destroy(); + + res.sendStatus(200).json({ + message:"berhasi hapus data" + }) } - - await data.destroy(); - - res.sendStatus(204) } catch(err) { next({code: 500, message: err.message || 'Internal Server Error'}) } diff --git a/routers/score.js b/routers/score.js index 5ff10c3..9893034 100644 --- a/routers/score.js +++ b/routers/score.js 
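Review bot: In `deleteScore`, `res.sendStatus(200).json({...})` answers twice: `sendStatus` already writes the status and body, so the chained `.json` throws once headers are sent, the catch then calls `next(...)` on a finished response, and the client only ever sees `OK`. Use `res.status(200).json({message: ...})`, or keep the previous `res.sendStatus(204)`. In `patchScore` the three assignments are joined with the comma operator (`data.studentId=studentId, data.MapelId = MapelId, ...`) and overwrite every column, so a PATCH that sends only `grade` sets both ids to `undefined`; assign only the fields present in `req.body`, each as its own statement.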
@@ -1,12 +1,13 @@ "use strict"; - +const authentication = require("../middlewares/authentication") +const authorization = require("../middlewares/authorization") const scoreController = require("../controllers/scoreController"); const scoreRouter = require("express").Router(); -scoreRouter.get("/scores", scoreController.getScore); -scoreRouter.get("/scores/:id", scoreController.getDetail) -scoreRouter.post("/scores", scoreController.addScore); -scoreRouter.patch("/scores/:id", scoreController.patchScore); -scoreRouter.delete("/scores/:id", scoreController.deleteScore); +scoreRouter.get("/scores",authentication,authorization(["admin","teacher"]), scoreController.getScore); +scoreRouter.get("/scores/:id",authentication,authorization(["admin","teacher"]), scoreController.getDetail) +scoreRouter.post("/scores",authentication,authorization(["admin"]), scoreController.addScore); +scoreRouter.patch("/scores/:id",authentication,authorization(["admin"]), scoreController.patchScore); +scoreRouter.delete("/scores/:id",authentication,authorization(["admin"]), scoreController.deleteScore); module.exports = scoreRouter; \ No newline at end of file From 6877df384e00ee0e98329f33bf4732b725a48237 Mon Sep 17 00:00:00 2001 From: wirahadi007 Date: Sun, 3 Oct 2021 00:19:41 +0800 Subject: [PATCH 5/5] finish all role --- controllers/studentController.js | 4 ++-- models/mapel.js | 2 +- models/score.js | 2 +- models/student.js | 3 ++- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/controllers/studentController.js b/controllers/studentController.js index 6cd14dd..08976c0 100644 --- a/controllers/studentController.js +++ b/controllers/studentController.js 
@@ -8,7 +8,7 @@ const studentController = { try { const currentUser = req.currentUser; if (currentUser.role === "admin"){ - let student = await Student.findAll({include : [Class,Mapel]}); + let student = await Student.findAll({include : [Class,Mapel,Score]}); if (student.length){ res.status(200).json({ msg: "Success Get All Data of Student", @@ -25,7 +25,7 @@ const studentController = { // console.log(currentUser.dataValues) let student = await Student.findAll({where : { ClassId : currentUser.dataValues.Class.dataValues.id - },include : [Class,Mapel]}); + },include : [Class,Mapel,Score]}); if (student.length){ res.status(200).json({ msg: "Success Get All Data of Student", diff --git a/models/mapel.js b/models/mapel.js index 9a3ce5c..c604ead 100644 --- a/models/mapel.js +++ b/models/mapel.js @@ -17,7 +17,7 @@ module.exports = (sequelize, DataTypes) => { // }); // this.belongsToMany(models.mapel,{through:"Scores"}) - this.belongsToMany(models.Student,{through:"Scores"}) + this.belongsToMany(models.Student,{through:"Scores",foreignKey:"MapelId",otherKey:"studentId"}) } }; Mapel.init({ diff --git a/models/score.js b/models/score.js index f1d4571..0b56a32 100644 --- a/models/score.js +++ b/models/score.js @@ -21,7 +21,7 @@ module.exports = (sequelize, DataTypes) => { Score.hasMany(models.Mapel, { foreignKey: 'id' }) - this.belongsToMany(models.Student,{through:"Scores"}) + this.belongsToMany(models.Student,{through:"Scores",foreignKey:"id"}) } }; Score.init({ diff --git a/models/student.js b/models/student.js index 9dc8fdf..eddd8c5 100644 --- a/models/student.js +++ b/models/student.js 
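Review bot: `foreignKey:"id"` in `this.belongsToMany(models.Student,{through:"Scores",foreignKey:"id"})` (models/score.js) names the join table's primary key as the foreign key, and the models/student.js hunk that follows does the same for `belongsToMany(models.Mapel, ...)`. The Mapel side in this same commit declares `foreignKey:"MapelId",otherKey:"studentId"`, so the Student side should mirror it: `this.belongsToMany(models.Mapel,{through:"Scores",foreignKey:"studentId",otherKey:"MapelId"})`. As written, the `include : [Class,Mapel,Score]` added to the student query would, as far as I can tell, join on the score row's `id` rather than `studentId`, so the grades returned for a student may belong to someone else. The `associate` bodies continue outside these hunks.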
@@ -12,7 +12,8 @@ module.exports = (sequelize, DataTypes) => { static associate(models) { // define association here this.belongsTo(models.Class,{foreignKey:"ClassId"}) - this.belongsToMany(models.Mapel,{through:"Scores"}) + this.belongsToMany(models.Mapel,{through:"Scores",foreignKey:"id"}) + // this.belongsToMany(models.Score,{through:"Scores"}) this.belongsTo(models.Score,{foreignKey:"id"}) } };