FTP-YCAB-Fullstack · wirahadi007 · Oct 1, 2021 · Oct 2, 2021 · Oct 2, 2021 · Oct 2, 2021
diff --git a/controllers/mapelController.js b/controllers/mapelController.js
@@ -1,19 +1,37 @@
 "use strict"
 
-const {Mapel,Score} = require("../models");
+const {Mapel,Score,Student} = require("../models");
 
 const mapelController= {
     getMapel: async(req,res,next)=>{
         try {
-            let mapel = await Mapel.findAll();
-            res.status(200).json({
-                message: 'Success',
-                mapel
-            })
+            const currentUser = req.currentUser;
+            if(currentUser.role === "admin"){
+                let mapel = await Mapel.findAll();
+                if(mapel.length){
+
+                    res.status(200).json({
+                        message: 'Success',
+                        mapel,
+                        currentUser
+                    })
+                }else{
+                    res.status(404).json({
+                        msg : "Data is Empty"
+                    })
+                }
+            }
+
+            if(currentUser.role === "teacher"){
+                let mapel = await Mapel.findAll();
+                res.status(200).json({
+                    message: 'Success',
+                    mapel,
+                    currentUser
+                })
+            }
         } catch (error) {
-            res.status(500).json({
-                error
-            })
+            next({code:500,message:error.message})
         }
     },
     getDetail: async(req,res,next)=>{
@@ -39,60 +57,89 @@ const mapelController= {
     },
     addMapel: async(req,res,next)=>{
         try {
-            let {nama_mapel} = req.body;
-
-            let data = await Mapel.create({nama_mapel});
+            const currentUser = req.currentUser
+            console.log(currentUser.role)
 
-
-            res.status(201).json({
-                status: 'success',
-                data
-            })
-
+            let {nama_mapel} = req.body;
+
+            if(currentUser.role === "admin"){
+
+
+                let data = await Mapel.create({nama_mapel});
+
+
+                res.status(201).json({
+                    status: 'success',
+                    data
+                })
+            }else{
+                res.status(401).json({
+                    message:"User Access Denied"
+                })
+            }
         } catch (err) {
             next({code: 500, message: err.message || 'Internal Server Error'})
 
         }
     },
     patchMapel: async(req,res,next)=>{
         try {
-            let {nama_mapel} = req.body;
-
-            let data = await Score.findOne({
-                where: {
-                    id: req.params.id
+            const currentUser = req.currentUser
+            console.log(currentUser.role)
+            if (currentUser.role === "admin") {
+
+                let {nama_mapel} = req.body;
+
+                let data = await Score.findOne({
+                    where: {
+                        id: req.params.id
+                    }
+                });
+
+                if (!data) {
+                    return next({code: 400, message: 'Not Found, try with another id'})
                 }
-            });
-
-            if (!data) {
-                return next({code: 400, message: 'Not Found, try with another id'})
+
+                data.nama_mapel=nama_mapel
+
+                await data.save();
+
+                res.status(200).json({
+                    status: 'success',
+                    data
+                })
+                console.log(data.toJSON())
+            }else{
+                res.status(401).json({
+                    message:"access denied"
+                })
             }
 
-            data.nama_mapel=nama_mapel
-
-            await data.save();
-
-            res.status(200).json({
-                status: 'success',
-                data
-            })
-
-            console.log(data.toJSON())
         } catch(err) {
             next({code: 500, message: err.message || 'Internal Server Error'})
         }
     },
     deleteMapel: async(req,res,next)=>{
         try {
-            const data = await Mapel.findOne({where: {id: req.params.id}});
-
-            if (!data) {
-                return next({code: 400, message: 'Not Found, please try with another id'})
+            const currentUser = req.currentUser
+            console.log(currentUser.role)
+            if (currentUser.role === "admin") {
+
+                const data = await Mapel.findOne({where: {id: req.params.id}});
+
+                if (!data) {
+                    return next({code: 400, message: 'Not Found, please try with another id'})
+                }
+
+                await data.destroy();
+
+                res.sendStatus(204)
+            }
+            else{
+                res.status(401).json({
+                    message: "Access Denied"
+                })
             }
-
-            await data.destroy();
-
-            res.sendStatus(204)
         } catch(err) {
             next({code: 500, message: err.message || 'Internal Server Error'})
         }