To start, get the latest master branch of https://github.com/dcycle/starterkit-node
Run ./scripts/deploy.sh
You will see at the end of the deploy script something like:
username: admin
password: 6CVR16mbSqP9pmgtvBx8yK3EuCcHwebk
=>
=> Your node app is at: http://0.0.0.0:8428
=> Log in with the username and password above.
=>
That is your admin user (the password will be different).
To create another user you can run:
You will now see:
Go to http://0.0.0.0:8428 on one browser and log in as admin
Go to http://0.0.0.0:8428 on another browser and log in as another-user
Confirm you see the Send Message page on both browsers.
On one browser, fill in the form. In Name, put "Hello". In "Your message here", put "This is a message".
Confirm you see the message on both windows.
In the other window, you can write another message, and see it appear in real time in both windows.
Your task
Start by reading and understanding the README of https://github.com/dcycle/starterkit-node, and playing around with the code.
For now, all users (in this example admin and another-user) can do everything on the site.
In ./app/code, we have a number of "modules" in the site. Each has dependencies, and you can call actions on them. Understand how this works.
For example, the "authentication" module has a function to add fields to users, like this:
I want to be able to do the following:
First, I'd like to add the following files to the ./app/private/ directory:
I'd like you to create a new module named "restricted by permission" which does the following:
Then, I'd like users to not have access to these files by default.
If user "admin" or user "another-user" visits http://0.0.0.0:8428/restricted-by-permission/permission-xyz/whatever.html or http://0.0.0.0:8428/restricted-by-permission/permission-xyz/index.html, they should get the contents of ./app/private/restricted-by-permission/permission-xyz/no-access/index.html with a response code 403.
If we add the permission "view-content-permission-xyz", like this:
Then, if as user "admin", we visit http://0.0.0.0:8428/restricted-by-permission/permission-xyz/index.html or http://0.0.0.0:8428/restricted-by-permission/permission-xyz/style.css, we should see the contents of ./app/private/restricted-by-permission/permission-xyz/access/index.html or ./app/private/restricted-by-permission/permission-xyz/access/style.css with a response code 200.
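The access decision described above can be written as a pure function that is testable without a running server. This is an added sketch, not code from starterkit-node: the names resolveRestricted and safeSegments are hypothetical, and it assumes the permission name is "view-content-" plus the directory name, that the caller passes only the URL path (no query string), and that malformed or traversal-style paths get a 404.

```javascript
// Added example; names are hypothetical and not part of starterkit-node.
const PREFIX = "/restricted-by-permission/";
const PRIVATE_ROOT = "./app/private/restricted-by-permission";

// Split the URL path into segments, or return null if the path could
// escape the private directory (traversal, backslashes, NUL bytes).
function safeSegments(urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (!decoded.startsWith(PREFIX) || /[\\\0]/.test(decoded)) return null;
  const segments = decoded.slice(PREFIX.length).split("/");
  const bad = segments.some((s) => s === "" || s === "." || s === "..");
  return bad || segments.length < 2 ? null : segments;
}

// Decide which file to serve and with which status code.
// userPermissions: array of permission strings held by the logged-in user.
function resolveRestricted(urlPath, userPermissions) {
  const segments = safeSegments(urlPath);
  if (segments === null) return { status: 404, file: null }; // assumed behaviour
  const [area, ...rest] = segments;
  const required = "view-content-" + area; // assumed naming rule
  if (!userPermissions.includes(required)) {
    // Same page for every request, so a 403 reveals nothing about which files exist.
    return { status: 403, file: `${PRIVATE_ROOT}/${area}/no-access/index.html` };
  }
  return { status: 200, file: `${PRIVATE_ROOT}/${area}/access/${rest.join("/")}` };
}
```

The caller still has to handle a 200 result whose file does not exist on disk, and must check the permission on every request rather than caching the decision per session.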