(Only do this ticket after the roles are added to the database).
Only administrators are allowed to delete fish!
[ ] Protect the delete route for fish using `express-jwt`. This will add a user id to `req.user.sub` (short for 'subject').
[ ] Use the user id to look up the user and see what role they have. You'll probably need a new database function for this one.
[ ] If the user doesn't have the 'administrator' role, issue an error using `res.json`. Otherwise, allow them to delete the fish!
Ask for help from @richchurcher early on this one. Don't forget tests: very important to be able to prove that only admins are allowed to do admin functions!
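
One way to implement the role check from the checklist above, as an added example rather than the project's own code. `requireRole`, `getUserById`, the sample users and the HTTP status codes are assumptions; the middleware expects `express-jwt` to have already verified the token and set `req.user.sub`.

```javascript
// Added example: role check that runs after express-jwt has verified the token.
// getUserById is a hypothetical database function (the "new database function"
// the ticket mentions); it resolves to { id, role } or undefined.
function requireRole (role, getUserById) {
  return async function (req, res, next) {
    // Per the ticket, the subject is on req.user.sub (express-jwt 7+ defaults to req.auth).
    const userId = req.user && req.user.sub
    if (userId === undefined || userId === null) {
      return res.status(401).json({ error: 'Authentication required' })
    }
    try {
      // Trust the role stored in the database, not a claim carried in the token.
      const user = await getUserById(userId)
      if (!user || user.role !== role) {
        return res.status(403).json({ error: 'Administrator role required' })
      }
      return next()
    } catch (err) {
      // Fail closed: a lookup failure must never fall through to the delete.
      return res.status(500).json({ error: 'Unable to verify role' })
    }
  }
}

// Constructed sample data standing in for the users table.
const sampleUsers = { 1: { id: 1, role: 'administrator' }, 2: { id: 2, role: 'user' } }
const lookup = async (id) => sampleUsers[id]

// Minimal stand-in for an Express response, used to exercise the middleware offline.
function fakeRes () {
  const res = { statusCode: 200, body: null }
  res.status = (code) => { res.statusCode = code; return res }
  res.json = (body) => { res.body = body; return res }
  return res
}

// Runs the middleware for a given req.user and reports what happened.
async function check (user, getUserById = lookup) {
  const res = fakeRes()
  let allowed = false
  await requireRole('administrator', getUserById)({ user }, res, () => { allowed = true })
  return { allowed, status: res.statusCode }
}

// Wiring in the real app (hypothetical names; verifyToken is the express-jwt middleware):
// router.delete('/fish/:id', verifyToken,
//   requireRole('administrator', db.getUserById), deleteFish)
```

The `check` helper covers the cases the tests for this ticket need to prove: an administrator passes, while an ordinary user, an unknown user, a request with no subject and a failed lookup are all refused.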