From 1e17f4ccf938657eaac1c2aace8fb4fa3347fc86 Mon Sep 17 00:00:00 2001
From: Henrique-Sousa <29417378+Henrique-Sousa@users.noreply.github.com>
Date: Thu, 2 Apr 2026 13:40:21 -0300
Subject: [PATCH] feat: jwt, apenas dev e admin podem criar, deletar e
 modificar dados

---
 server/core/_service_config.js | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/server/core/_service_config.js b/server/core/_service_config.js
index e807f5e..8adb329 100644
--- a/server/core/_service_config.js
+++ b/server/core/_service_config.js
@@ -3,11 +3,18 @@
  *  When service need public access...
  */
 if (_env.is("dev")) {
-  _service.allow()
+  _service.allow();
 }
 
-/*
-  if (_service.path == 'samples/my-service') {
-    _service.allow()
+if ((_service.path.startsWith("pacientes") || _service.path.startsWith("medicos")) && (!_service.path.endsWith("get"))) {
+  _log.debug(`_group.id: ${_group.id}`);
+  _log.debug(`_user.id: ${_user.id}`);
+  _log.debug(`_auth.isJWT(): ${_auth.isJWT()}`);
+  if (_auth.isJWT() && (_group.id == 1 || _group.id == 2) && (_user.id == 1 || _user.id == 2)) {
+    _log.debug("allowed");
+    _service.allow();
+  } else {
+    _log.debug("denied");
+    _service.deny();
   }
-*/
+}