locking down user service more. Closes #92

feathersjs-ecosystem · Mar 30, 2016 · 9c68594 · 9c68594
1 parent bece37c
commit 9c68594
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/generators/service/templates/hooks.js b/generators/service/templates/hooks.js
@@ -18,25 +18,29 @@ exports.before = {
   get: [<% if (authentication && name === 'user') { %>
     auth.verifyToken(),
     auth.populateUser(),
-    auth.restrictToAuthenticated()
+    auth.restrictToAuthenticated(),
+    auth.restrictToOwner({ ownerField: <% if (database === 'mongodb' || database === 'nedb') { %>'_id'<% } else { %>'id'<% } %> })
   <% } %>],
   create: [<% if (authentication && name === 'user') { %>
     auth.hashPassword()
   <% } %>],
   update: [<% if (authentication && name === 'user') { %>
     auth.verifyToken(),
     auth.populateUser(),
-    auth.restrictToAuthenticated()
+    auth.restrictToAuthenticated(),
+    auth.restrictToOwner({ ownerField: <% if (database === 'mongodb' || database === 'nedb') { %>'_id'<% } else { %>'id'<% } %> })
   <% } %>],
   patch: [<% if (authentication && name === 'user') { %>
     auth.verifyToken(),
     auth.populateUser(),
-    auth.restrictToAuthenticated()
+    auth.restrictToAuthenticated(),
+    auth.restrictToOwner({ ownerField: <% if (database === 'mongodb' || database === 'nedb') { %>'_id'<% } else { %>'id'<% } %> })
   <% } %>],
   remove: [<% if (authentication && name === 'user') { %>
     auth.verifyToken(),
     auth.populateUser(),
-    auth.restrictToAuthenticated()
+    auth.restrictToAuthenticated(),
+    auth.restrictToOwner({ ownerField: <% if (database === 'mongodb' || database === 'nedb') { %>'_id'<% } else { %>'id'<% } %> })
   <% } %>]
 };