W05 Assignment: Authentication and Authorization
Overview
For this assignment you will add a new page to your site that displays all the users currently registered in the system. This page will only be available for admin users, and will have a link from the dashboard page for the admin users.
New Features
- Page that lists all registered users and their role.
- Restrict access to that page to admin users only.
- Add a link to the users page from the dashboard that is only visible to admin users.
Instructions
Follow these steps to complete the assignment:
- Create the Users Page: Create a new route, controller function, and view to display all registered users. The view should list each user's name, email (username) and role.
- Restrict Access: Update your authentication middleware to restrict access to the users page to only admin users. If a non-admin user attempts to access the page, they should be redirected to the dashboard with an appropriate message.
- Add Link to Dashboard: Update the dashboard view to include a link to the users page. This link should only be visible to admin users.
- Test Your Implementation: Thoroughly test your implementation to ensure that:
  - The users page displays correctly for admin users.
  - Non-admin users are redirected when attempting to access the users page.
  - The link to the users page appears only for admin users on the dashboard.
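The Restrict Access and Link Visibility steps protect different things: hiding the dashboard link only changes what is displayed, while the route-level check is what actually denies a non-admin who requests the users page directly. The sketch below is an added example, not code from the course materials, showing requireLogin and requireRole as Express-style middleware plus a small constructed harness that exercises them without a server. The session shape (req.session.user.role), the req.session.flash message slot, and the /login and /dashboard paths are assumptions.

```javascript
// Added example. Assumed (not from the course materials): session shape
// req.session.user = { role }, a req.session.flash slot, /login and /dashboard.

// Require an authenticated session before any role check runs.
function requireLogin(req, res, next) {
  if (req.session && req.session.user) return next();
  return res.redirect('/login');
}

// Factory: returns middleware that admits only the listed roles.
function requireRole(...allowed) {
  return function (req, res, next) {
    const user = req.session && req.session.user;
    if (!user) return res.redirect('/login');
    // Exact, case-sensitive allowlist match; a missing or unknown role is denied.
    if (typeof user.role === 'string' && allowed.includes(user.role)) return next();
    req.session.flash = 'You do not have permission to view that page.';
    return res.redirect('/dashboard');
  };
}

// Constructed harness: runs a middleware chain against a fake request and
// records whether the route handler would have been reached.
function simulate(chain, session) {
  const req = { session };
  const result = { reached: false, redirect: null, flash: null };
  const res = { redirect(path) { result.redirect = path; } };
  let i = 0;
  const next = () => {
    if (i < chain.length) chain[i++](req, res, next);
    else result.reached = true;
  };
  next();
  result.flash = (session && session.flash) || null;
  return result;
}

// Middleware chain as it would be attached to the users route.
const usersRoute = [requireLogin, requireRole('admin')];
```

Testing the route with a logged-in non-admin session and with no session at all, as the harness does, covers the case the hidden link cannot: a user who types the URL directly.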
Requirements
Your assignment must implement the following requirements (including features from the learning and team activities):
- Users and Login Functionality:
  - The users page displays all registered users with their name, email, and role, and access is restricted to admin users.
  - Users can register, log in, and log out.
  - Password hashing is used.
  - Login/Logout links display correctly based on authentication state.
- Protected Access: Pages that require login or admin permissions are protected by requireLogin and requireRole middleware functions.
- Link Visibility: Links for restricted access pages are only visible to users with the appropriate roles.
- Code Organization and Standards: Files and functions match the names and patterns provided in the learning activities. All code standards are followed.
- Deployment and Professional style: The application is deployed and looks professional.
Score
Your assignment will receive a score according to the following criteria:
- Mastery (100%): All requirements are met at the Mastery level.
- Sufficient (85%): All requirements are met at the Sufficient or Mastery level.
- Incomplete (0%): One or more requirements are not at the Sufficient level.
If your assignment is graded as Incomplete, you should fix any issues and resubmit.
Submission
When you have finished this assignment:
- Return to Canvas to submit your assignment.
- You will submit both your GitHub repo URL and the URL of your hosted site (at Render).