refactoring requests

media-store/srv/auth.js

@@ -4,7 +4,7 @@ const jwt = require("jsonwebtoken");
 const { ACCESS_TOKEN_SECRET } = cds.env;
 class MyUser extends cds.User {
   constructor(attr, roles, id) {
-    super({ attr, _roles: roles, id });
+    super({ attr, _roles: [...roles, "authenticated-user"], id });
   }
 }
 
@@ -23,6 +23,7 @@ module.exports = (req, res, next) => {
       decodedUser.email
     );
   } catch (error) {
+    req.user = new MyUser({}, ["anonymous"], "");
   } finally {
     next();
   }

media-store/srv/browse-invoices-service.js

@@ -16,12 +16,6 @@ module.exports = async function () {
   const db = await cds.connect.to("db"); // connect to database service
   const { Invoices, InvoiceItems } = db.entities;
 
-  // this.before("*", (req) => {
-  //   if (!req.user.is("customer")) {
-  //     req.reject(403);
-  //   }
-  // });
-
   this.on("READ", "Invoices", async (req) => {
     return await db.run(req.query.where({ customer_ID: req.user.attr.ID }));
   });

media-store/srv/browse-tracks-service.cds

@@ -7,16 +7,10 @@ service BrowseTracks {
     };
 
     @readonly
-    entity MarkedTracks @(restrict : [
-    {
+    entity MarkedTracks @(restrict : [{
         grant : ['*', ],
         to    : 'customer'
-    },
-    {
-        grant : '*',
-        to    : 'employee'
-    },
-    ])             as projection on my.Tracks;
+    }])            as projection on my.Tracks;
 
     /*
     Below entities exposed

media-store/srv/browse-tracks-service.js

@@ -16,12 +16,6 @@ const selectTracksByEmail = (email) => `
 module.exports = async function () {
   const db = await cds.connect.to("db"); // connect to database service
 
-  // this.before("READ", "MarkedTracks", (req) => {
-  //   if (!req.user.is("customer")) {
-  //     req.reject(403);
-  //   }
-  // });
-
   this.on("READ", "MarkedTracks", async (req) => {
     const myTrackIds = (await db.run(selectTracksByEmail(req.user.id))).map(
       ({ ID }) => ID