feat: jwt, apenas dev e admin podem criar, deletar e modificar dados

server/core/_service_config.js

@@ -3,11 +3,18 @@
  *  When service need public access...
  */
 if (_env.is("dev")) {
-  _service.allow()
+  _service.allow();
 }
 
-/*
-  if (_service.path == 'samples/my-service') {
-    _service.allow()
+if ((_service.path.startsWith("pacientes") || _service.path.startsWith("medicos")) && (!_service.path.endsWith("get"))) {
+  _log.debug(`_group.id: ${_group.id}`);
+  _log.debug(`_user.id: ${_user.id}`);
+  _log.debug(`_auth.isJWT(): ${_auth.isJWT()}`);
+  if (_auth.isJWT() && (_group.id == 1 || _group.id == 2) && (_user.id == 1 || _user.id == 2)) {
+    _log.debug("allowed");
+    _service.allow();
+  } else {
+    _log.debug("denied");
+    _service.deny();
   }
-*/
+}