victorlucss · rgllima · Jun 27, 2020 · Jun 27, 2020 · Jun 27, 2020 · Jun 27, 2020
diff --git a/src/controller/ProfileController.js b/src/controller/ProfileController.js
@@ -0,0 +1,67 @@
+import { ProfileRepository } from "../repository";
+import { GlobalHandler, ThrowableError, getMessage } from "../utils";
+
+export default class ProfileController {
+
+    constructor(){
+        this.repository = new ProfileRepository();
+    }
+
+    async listProfiles(req, res) {
+        try {
+            const filters = req.filters;
+            const { includes } = req.query;
+
+            let profiles = await this.repository.findAll(filters, includes)
+            res.send(profiles)
+        } catch(error){
+            const sanitizedError = GlobalHandler.handle(error);
+
+            res.status(sanitizedError.code).send(sanitizedError)
+        }
+    }
+
+    async saveProfile(req, res) {
+        try {
+            const profile = req.body;
+
+            let savedProfile = await this.repository.store(profile)
+            res.send(savedProfile)
+        } catch (error){
+            const sanitizedError = GlobalHandler.handle(error);
+
+            res.status(sanitizedError.code).send(sanitizedError)
+        }
+    }
+
+    async updateProfileRoles(req, res) {
+        try {
+            const { id } = req.params;
+            const roles = req.body;
+
+            if(!Array.isArray(roles)) throw new ThrowableError(getMessage('bodyMustBeArray')('roles'), 'ValidationError', 400);
+
+            let updatedProfile = await this.repository.update(roles, id)
+            res.send(updatedProfile)
+        } catch (error){
+            const sanitizedError = GlobalHandler.handle(error);
+
+            res.status(sanitizedError.code).send(sanitizedError)
+        }
+    }
+
+    async deleteProfile(req, res) {
+        try {
+            const { id } = req.params;
+
+            await this.repository.delete(id)
+            res.json({
+                message: `Profile with id ${id} successful deleted!`
+            })
+        } catch (error){
+            const sanitizedError = GlobalHandler.handle(error);
+
+            res.status(sanitizedError.code).send(sanitizedError)
+        }
+    }
+}
diff --git a/src/controller/RoleController.js b/src/controller/RoleController.js
@@ -0,0 +1,44 @@
+import { RoleRepository } from "../repository";
+import { GlobalHandler, ThrowableError, } from "../utils";
+
+export default class ProfileController {
+
+    constructor(){
+        this.repository = new RoleRepository();
+    }
+
+    async listRoles(req, res) {
+        const filters = req.filters;
+
+        let roles = await this.repository.findAll(filters)
+        res.send(roles)
+    }
+
+    async saveRole(req, res) {
+        try {
+            const role = req.body;
+
+            let savedRole = await this.repository.store(role)
+            res.send(savedRole)
+        } catch (error){
+            const sanitizedError = GlobalHandler.handle(error);
+
+            res.status(sanitizedError.code).send(sanitizedError)
+        }
+    }
+
+    async deleteRole(req, res) {
+        try {
+            const { id } = req.params;
+
+            await this.repository.delete(id)
+            res.json({
+                message: `Role with id ${id} successful deleted!`
+            })
+        } catch (error){
+            const sanitizedError = GlobalHandler.handle(error);
+
+            res.status(sanitizedError.code).send(sanitizedError)
+        }
+    }
+}
diff --git a/src/controller/UserController.js b/src/controller/UserController.js
@@ -15,6 +15,8 @@ export default class UserController {
             const user = req.body;
 
             const foundUser = await this.repository.findOneByEmail(user.email);
+
+            foundUser._doc.profile.roles.map((v, index) => foundUser._doc.profile.roles[index] = v.name);
 
             const validPass = checkEncrypt(user.password, foundUser.password);
 
@@ -25,6 +27,8 @@ export default class UserController {
             const token = jwt.sign({
                 id: foundUser._id,
                 email: foundUser.email,
+                profile: foundUser.profile.name,
+                roles: foundUser.profile.roles
                 },
                 environment.privateJWT,
                 { expiresIn: "7d" }

diff --git a/src/controller/index.js b/src/controller/index.js
@@ -1,3 +1,7 @@
 import user from "./UserController.js";
+import profile from "./ProfileController";
+import role from "./RoleController";
 
-export const UserController = user;
+export const UserController = user;
+export const ProfileController = profile;
+export const RoleController = role;
diff --git a/src/middleware/HasRoles.js b/src/middleware/HasRoles.js
@@ -0,0 +1,25 @@
+import { GlobalHandler, ThrowableError, getMessage } from "../utils";
+
+export const HasRoles = function(roles = []) {
+    return [
+        (req,res,next) => {
+            try {
+                if(req.decoded && req.decoded.roles) {
+                    if(req.decoded.roles.length == 0) throw new ThrowableError(getMessage('unauthorizedAccess'), 'AuthorizationError', 403);
+                    req.decoded.roles.forEach(role => {
+                        if(!roles.includes(role)) {
+                            throw new ThrowableError(getMessage('roleNotPresent')(role), 'AuthorizationError', 403);
+                        }
+                    })
+
+                    next();
+                } else throw new ThrowableError(getMessage('unauthorizedAccess'), 'AuthorizationError', 403);
+
+            } catch (error) {
+                const sanitizedError = GlobalHandler.handle(error);
+
+                return res.status(sanitizedError.code).send(sanitizedError)
+            }      
+        }
+    ];
+}
diff --git a/src/middleware/index.js b/src/middleware/index.js
@@ -1,3 +1,4 @@
 export * from "./Cors";
 export * from "./RetrieveFilters";
 export * from "./CheckToken";
+export * from "./HasRoles";
diff --git a/src/model/ProfileModel.js b/src/model/ProfileModel.js
@@ -0,0 +1,30 @@
+import { Schema, model } from "mongoose";
+
+const schema = new Schema({
+  name: {
+    type: String,
+    required: true,
+    unique: true,
+  },
+
+  roles: [
+      {
+          type: String,
+          ref: "Role"
+      }
+  ],
+
+  lastUpdated: {
+    type: Date,
+    default: Date.now(),
+  },
+
+  createdAt: {
+    type: Date,
+    default: Date.now(),
+  },
+}, {
+  versionKey: false,
+});
+
+export default model("Profile", schema, "profiles");
diff --git a/src/model/RoleModel.js b/src/model/RoleModel.js
@@ -0,0 +1,23 @@
+import { Schema, model } from "mongoose";
+
+const schema = new Schema({
+  name: {
+    type: String,
+    required: true,
+    unique: true,
+  },
+
+  lastUpdated: {
+    type: Date,
+    default: Date.now(),
+  },
+
+  createdAt: {
+    type: Date,
+    default: Date.now(),
+  },
+}, {
+  versionKey: false,
+});
+
+export default model("Role", schema, "roles");
diff --git a/src/model/UserModel.js b/src/model/UserModel.js
@@ -12,6 +12,11 @@ const schema = new Schema({
     default: "",
   },
 
+  profile: {
+    type: String,
+    ref: "Profile"
+  },
+
   lastUpdated: {
     type: Date,
     default: Date.now(),

diff --git a/src/model/index.js b/src/model/index.js
@@ -1,3 +1,7 @@
 import user from "./UserModel";
+import profile from "./ProfileModel";
+import role from "./RoleModel";
 
-export const UserModel = user;
+export const UserModel = user;
+export const ProfileModel = profile;
+export const RoleModel = role;
diff --git a/src/repository/ProfileRepository.js b/src/repository/ProfileRepository.js
@@ -0,0 +1,68 @@
+import { ProfileModel } from "../model";
+import { ThrowableError } from "../utils";
+import { getMessage } from "../utils";
+
+export default class ProfileRepository {
+    /**
+     * List all profiles in DB
+     * @param {object} [filters={}]
+     * @param {string[]} [includes=[]]
+     * @memberof ProfileRepository
+    */
+    async findAll(filters = {}, includes = null){
+        let profiles = await ProfileModel
+            .find(filters)
+            .populate(includes)
+
+        return profiles
+    }
+
+    /**
+     * Store a Profile in DB
+     * @param {ProfileModel} profile
+     * @memberof ProfileRepository
+    */
+    async store(profile){
+        let storedProfile = await ProfileModel.create(profile);
+        return storedProfile;
+
+    }
+
+    /**
+     * Update roles in a Profile
+     * @param {number[]} roles
+     * @param {number} id
+     * @memberof ProfileRepository
+    */
+    async update(roles, id){
+        let foundProfile = await ProfileModel
+            .findById(id);
+
+        if(!foundProfile) {
+            throw new ThrowableError(getMessage('profileNotFound')('id', id), 'MongoError', 404);
+        }
+
+        foundProfile.roles = roles
+
+        await foundProfile.save();
+
+        return foundProfile;
+    }
+
+    /**
+     * Delete a Profile in DB
+     * @param {number} id
+     * @memberof ProfileRepository
+    */
+    async delete(id){
+        let foundProfile = await ProfileModel.findById(id);
+
+        if(!foundProfile) {
+            throw new ThrowableError(getMessage('profileNotFound')('id', id), 'MongoError', 404);
+        }
+
+        await ProfileModel.deleteOne({ _id: id });
+
+        return getMessage('profileDeleted')(id);
+    }
+}
diff --git a/src/repository/RoleRepository.js b/src/repository/RoleRepository.js
@@ -0,0 +1,45 @@
+import { RoleModel } from "../model";
+import { ThrowableError } from "../utils";
+import { getMessage } from "../utils";
+
+export default class RoleRepository {
+    /**
+     * List all roles in DB
+     * @param {object} [filters={}]
+     * @memberof RoleRepository
+    */
+    async findAll(filters = {}){
+        let roles = await RoleModel
+            .find(filters)
+
+        return roles
+    }
+
+    /**
+     * Store a Role in DB
+     * @param {RoleModel} role
+     * @memberof RoleRepository
+    */
+    async store(role){
+        let storedRole = await RoleModel.create(role);
+        return storedRole;
+
+    }
+
+    /**
+     * Delete a Role in DB
+     * @param {number} id
+     * @memberof RoleRepository
+    */
+    async delete(id){
+        let foundRole = await RoleModel.findById(id);
+
+        if(!foundRole) {
+            throw new ThrowableError(getMessage('profileNotFound')('id', id), 'MongoError', 404);
+        }
+
+        await RoleModel.deleteOne({ _id: id });
+
+        return getMessage('profileDeleted')(id);
+    }
+}
diff --git a/src/repository/UserRepository.js b/src/repository/UserRepository.js
@@ -17,14 +17,22 @@ export default class UserRepository {
     }
 
     /**
-     * List all users in DB filtering by e-mail and return the encoded password
+     * List all users in DB filtering by e-mail and return the encoded password and profiles
      * @param {string} email
      * @memberof UserRepository
     */
    async findOneByEmail(email){
     let foundUser = await UserModel
         .findOne({
             email: email
+        })
+        .populate({
+            path: 'profile',
+            select: 'roles name -_id',
+            populate: {
+                path: 'roles',
+                select: 'name -_id'
+            }
         });
 
     if(!foundUser) {