
Assignment - User Authentication


Assignment 3 - Member Authentication

Instructions

In this assignment you will extend to verify an Admin and grant appropriate privileges to
an Admin. In addition, you will allow only a member to update his/her information. Neither
another member, nor an Admin can edit this information.

• You will now create the members Schema and model to support the document:

{
  "membername": "admin",
  "password": "xxxxxxxxxxxxxxxxxxxxxxxxx",
  "name": "Joe Biden",
  "YOB": 1990,
  "isAdmin": true
}

The password must be hashed using the bcrypt module.

• Your database contains some collections, with the schemas as follows:

const mongoose = require("mongoose");
const Schema = mongoose.Schema;

const brandSchema = new Schema({ brandName: String }, { timestamps: true });

// Defined before the watch schema, which embeds it as a subdocument array.
const commentSchema = new Schema({
  rating: { type: Number, min: 1, max: 3, required: true },
  content: { type: String, required: true },
  author: { type: mongoose.Schema.Types.ObjectId, ref: "Members", required: true }
}, { timestamps: true });

// Mongoose's validator option is "required"; "require" is silently ignored.
const watcheschema = new Schema({
  watchName: { type: String, required: true },
  image: { type: String, required: true },
  price: { type: Number, required: true },
  Automatic: { type: Boolean, default: false },
  watchDescription: { type: String, required: true },
  comments: [commentSchema],
  brand: { type: mongoose.Schema.Types.ObjectId, ref: "Brands", required: true }
}, { timestamps: true });

const memberSchema = new Schema({
  membername: { type: String, required: true },
  password: { type: String, required: true }, // stores the bcrypt hash
  isAdmin: { type: Boolean, default: false }
}, { timestamps: true });

Assignment Overview

At the end of this assignment, you would have completed the following:

• Implement the login action; using OAuth2 is a plus.

• Use Mongoose population to populate information into the watch document from the
referenced brand document.

• Check if a verified ordinary member also has Admin privileges.

• Allow anyone to perform GET operations on public routes.

• Allow only an Admin to perform GET, POST, PUT and DELETE operations in private
routes.

• Allow an Admin to be able to GET all the registered members' information from the
database.

• Allow a member to edit his/her information. A member should be restricted to performing
such operations only on his/her own account. No other member, not even the Admin, can edit
or delete another member's information.

• Members can post comments on watches. Only one comment on a watch.

Assignment Requirements

This assignment is divided into four tasks as detailed below; all tasks should be built
with their UI:

Task 1

In this task you will implement the public routes which all the users can access, including:

• The index route shows all of the watches; the data will include name, image and
brandName.

• The detailed route will display all of the watch's information.

• Members can search by watch name.

• Members can filter by brand name.

• A member can register an account; the default role is not Admin.

• A member can log in with his/her account after successful registration.

• A member can edit his/her information after logging in successfully.

• A member can change his/her password.

• A member can manage his/her feedback and rate a watch once.

• Provide an outstanding design for the true value of the watch's Automatic property.

Task 2

In this task you will update all the routes to ensure that only the Admin can perform GET,
POST, PUT and DELETE operations. Update the code for all the routers to support this.
These operations should be supported for the following endpoints:

• GET, POST, PUT and DELETE operations on /brands and /brands/:brandId

• GET, POST, PUT and DELETE operations on /watches and /watches/:watchId

Task 3

In this task you will implement the feedback feature, which includes the comment posting and
rating functions. Only members can give feedback. Each member can give feedback on one watch
only once.

Task 4

In this task you will now activate the /accounts endpoint. When an Admin sends a GET
request to /accounts you will return the list of all the members. Ordinary members are
forbidden from performing this operation.
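
One way to express the access rules from Tasks 2 to 4 and the self-edit rule as Express-style middleware (an added example, not part of the original assignment). It assumes the login layer sets `req.user`; the function names, the `memberId` route parameter and the editable-field list are hypothetical.

```javascript
// Added example. req.user is assumed to be set by the login layer (session,
// JWT or OAuth2) and is never read from the request body.

// Tasks 2 and 4: only an Admin may pass.
function requireAdmin(req, res, next) {
  if (!req.user) return res.status(401).end();
  if (req.user.isAdmin !== true) return res.status(403).end();
  return next();
}

// Self-edit rule: the target id comes from the route (memberId is an assumed
// parameter name) and must equal the logged-in member's id. isAdmin is
// deliberately not consulted, so an Admin cannot edit other accounts either.
function requireSelf(req, res, next) {
  if (!req.user) return res.status(401).end();
  if (String(req.user._id) !== String(req.params.memberId)) return res.status(403).end();
  return next();
}

// Profile edits copy only allow-listed fields (assumed list), so a member
// cannot grant himself/herself isAdmin through the update form.
const EDITABLE = ["name", "YOB"];
function pickEditable(body) {
  const out = {};
  for (const key of EDITABLE) {
    if (Object.prototype.hasOwnProperty.call(body, key)) out[key] = body[key];
  }
  return out;
}

// Task 3: one comment per member per watch.
function addComment(watch, member, rating, content) {
  if (watch.comments.some((c) => String(c.author) === String(member._id))) return false;
  watch.comments.push({ rating, content, author: member._id });
  return true;
}

// Minimal stand-in for Express: returns the status the middleware produced,
// or 200 when it called next().
function run(middleware, req) {
  let status = 200;
  const res = { status(code) { status = code; return this; }, end() {} };
  middleware(req, res, () => {});
  return status;
}

// Constructed sample members.
const admin = { _id: "a1", isAdmin: true };
const joe = { _id: "m1", isAdmin: false };
console.log(run(requireAdmin, { user: joe }));
console.log(run(requireSelf, { user: admin, params: { memberId: "m1" } }));
```

In a real router these would be chained after the authentication middleware, for example on the /accounts route for `requireAdmin`.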
