From 39f03067fb634d93c6abddd25d0967c7475f4109 Mon Sep 17 00:00:00 2001
From: puckey
Date: Mon, 27 Jul 2020 16:53:11 +0200
Subject: [PATCH 1/2] Add /api/admin authorization
---
 src/server/controllers/api/admin/dummies.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/server/controllers/api/admin/dummies.js b/src/server/controllers/api/admin/dummies.js
index 4322e4c..94c08dc 100644
--- a/src/server/controllers/api/admin/dummies.js
+++ b/src/server/controllers/api/admin/dummies.js
@@ -5,6 +5,7 @@ export class Dummies extends ModelController {
 modelClass = Dummy
 eagerScope = 'admin'
 graph = true
+ authorize = ctx => ctx.isAuthenticated()
 collection = {
 allow: ['find', 'insert']
From b03ebdb2cbf777e5618c4933725c6a8e04501586 Mon Sep 17 00:00:00 2001
From: puckey
Date: Fri, 31 Jul 2020 17:10:37 +0200
Subject: [PATCH 2/2] Implement user roles
---
 migrations/20200716111333_user.js | 1 +
 seeds/User.js | 3 ++-
 src/server/controllers/api/admin/dummies.js | 1 +
 src/server/models/user.js | 15 ++++++++++++++-
 4 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/migrations/20200716111333_user.js b/migrations/20200716111333_user.js
index 9916126..83a22f6 100644
--- a/migrations/20200716111333_user.js
+++ b/migrations/20200716111333_user.js
@@ -5,6 +5,7 @@ export async function up(knex) {
 table.string('username').notNullable()
 table.string('hash')
 table.timestamp('last_login').nullable()
+ table.json('roles')
 })
 }
diff --git a/seeds/User.js b/seeds/User.js
index dfa26a3..cc1cfc6 100644
--- a/seeds/User.js
+++ b/seeds/User.js
@@ -1,6 +1,7 @@
 export default [
 {
 username: 'ditojs',
- password: 'ditojs'
+ password: 'ditojs',
+ roles: ['admin', 'editor']
 }
 ]
diff --git a/src/server/controllers/api/admin/dummies.js b/src/server/controllers/api/admin/dummies.js
index 31cb764..abb89e5 100644
--- a/src/server/controllers/api/admin/dummies.js
+++ b/src/server/controllers/api/admin/dummies.js
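Review bot: In migrations/20200716111333_user.js the new `roles` column is nullable, while the `User` model in this same patch declares `roles` as `required` with `minItems: 1`, so rows written outside the model can hold NULL, and how authorization treats a user without roles is not visible here. Consider `table.json('roles').notNullable()` so the database enforces what the model assumes. The column is also added by editing an existing timestamped migration; if that migration has already run on any database, that database will not receive the column and a separate migration would be needed, which is worth confirming. The body of `up` starts outside the hunk.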
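Review bot: In seeds/User.js the seeded `ditojs` account, whose password equals its username, now receives the `admin` and `editor` roles, which makes it a known-credential administrator on any database this seed is run against. If the seed is meant for local development only, record that next to the entry, e.g. `// Development-only account: never seed this into a deployed database`, and consider reading the password from configuration rather than keeping it in the source file. Whether the seed can run outside development is not visible in this hunk.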
@@ -5,6 +5,7 @@ export class Dummies extends ModelController {
 modelClass = Dummy
 scope = '^admin'
 graph = true
+ authorize = ['admin', 'editor']
 collection = {
 allow: ['find', 'insert']
diff --git a/src/server/models/user.js b/src/server/models/user.js
index 65c0cc3..f3361a7 100644
--- a/src/server/models/user.js
+++ b/src/server/models/user.js
@@ -1,3 +1,16 @@
 import { UserModel } from '@ditojs/server'
-export class User extends UserModel { }
+export class User extends UserModel {
+ static properties = {
+ roles: {
+ type: 'array',
+ items: {
+ type: 'string',
+ enum: ['admin', 'editor']
+ },
+ minItems: 1,
+ uniqueItems: true,
+ required: true
+ }
+ }
+}
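Review bot: The context around `authorize = ['admin', 'editor']` in src/server/controllers/api/admin/dummies.js shows no existing `authorize` field, although patch 1/2 adds `authorize = ctx => ctx.isAuthenticated()` after the same `graph = true` line, and the blob ids do not chain (94c08dc after 1/2, 31cb764 before 2/2). If both fields ended up in the class, the later definition would silently win, so it is worth confirming that only the role list remains once the series is applied. The class body continues outside the hunk.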
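Review bot: `roles` in src/server/models/user.js is a privilege-bearing field declared like any other model property, so an endpoint that accepts client-supplied user data for insert or update could let a caller choose their own roles unless the field is filtered there. No such endpoint is visible in this patch, so this may not be reachable today. A comment above the property would record the constraint for later controllers, e.g. `// Privilege-bearing: only admin-authorized code paths may write this field`.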