diff --git a/ExpressAPI/.idea/vcs.xml b/ExpressAPI/.idea/vcs.xml
index 058164e2d728ef8d9811ed7f89d74bad73bcfd0d..17500a1cae0dbea6e289deb4c99e62bfb363e3e4 100644
--- a/ExpressAPI/.idea/vcs.xml
+++ b/ExpressAPI/.idea/vcs.xml
@@ -2,6 +2,7 @@
 <project version="4">
 <component name="VcsDirectoryMappings">
 <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+ <mapping directory="$PROJECT_DIR$/.idea/jetbrainsConfiguration" vcs="Git" />
 <mapping directory="$PROJECT_DIR$/src/shared" vcs="Git" />
 </component>
 </project>
\ No newline at end of file
diff --git a/ExpressAPI/src/managers/AssignmentManager.ts b/ExpressAPI/src/managers/AssignmentManager.ts
index ce680b4b1dc002f1d3997ced96b8931c1c766cde..f7b1125788d2476235f866a9701e5dd4182cd55b 100644
--- a/ExpressAPI/src/managers/AssignmentManager.ts
+++ b/ExpressAPI/src/managers/AssignmentManager.ts
@@ -5,6 +5,9 @@ import db from '../helpers/DatabaseHelper';
 class AssignmentManager {
 async isUserAllowedToAccessAssignment(assignment: Assignment, user: User): Promise<boolean> {
+ if (user === null || user === undefined) {
+ return false;
+ }
 if ( !assignment.staff ) {
 assignment.staff = await db.assignment.findUnique({
 where: {
diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
index 347fad42743ef645c731f78ea367ac1af27b7b40..b750506b3d8e0f699975b8f7bc254e29ea46f254 100644
--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -21,6 +21,9 @@ class SecurityMiddleware {
 for ( const checkType of checkTypes ) {
 try {
 switch ( String(checkType) ) {
+ case SecurityCheckType.USER:
+ isAllowed = isAllowed || (req.session.profile !== null && req.session.profile !== undefined);
+ break;
 case SecurityCheckType.TEACHING_STAFF:
 isAllowed = isAllowed || req.session.profile.isTeachingStaff;
 break;
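Review bot: The guard added at the top of `isUserAllowedToAccessAssignment` makes a missing user a supported input, but the signature still declares `user: User`, so the compiler cannot warn other code paths that assume a session exists. Widening the parameter to `user: User | undefined` (adding `| null` if callers pass it) would keep the type honest about the unauthenticated case. A short comment on the guard, for example `// no authenticated user: deny without querying the database`, would record the intent. The rest of the method lies outside the hunk.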
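Review bot: The new `SecurityCheckType.USER` case accepts any request that has a session profile, and because every case is OR-ed into `isAllowed`, listing `USER` next to a stricter check type makes the stricter one irrelevant for logged-in users. That combination rule deserves a comment at the `switch`, e.g. `// check types are alternatives (OR): one passing check is enough`. The `TEACHING_STAFF` case just below still reads `req.session.profile.isTeachingStaff` without the null guard this case uses, so on routes registered with `check(false, …)` it depends on the surrounding `try` to absorb the exception. The catch handler is outside the hunk, so whether that path denies cleanly cannot be confirmed from here.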
diff --git a/ExpressAPI/src/routes/AssignmentRoutes.ts b/ExpressAPI/src/routes/AssignmentRoutes.ts
index ed956528054a27055fcbe2ccb040fbaa3f191cca..ed9be070d6d566de745701bb51289c3380500e59 100644
--- a/ExpressAPI/src/routes/AssignmentRoutes.ts
+++ b/ExpressAPI/src/routes/AssignmentRoutes.ts
@@ -71,7 +71,7 @@ class AssignmentRoutes implements RoutesManager {
 registerOnBackend(backend: Express) {
 backend.get('/assignments/languages', this.getLanguages.bind(this));
- backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(true), this.getAssignment.bind(this));
+ backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(false, SecurityCheckType.ASSIGNMENT_SECRET, SecurityCheckType.USER), this.getAssignment.bind(this));
 backend.post('/assignments', SecurityMiddleware.check(true, SecurityCheckType.TEACHING_STAFF), ParamsValidatorMiddleware.validate(this.assignmentValidator), this.createAssignment.bind(this));
 backend.patch('/assignments/:assignmentNameOrUrl/publish', SecurityMiddleware.check(true, SecurityCheckType.ASSIGNMENT_STAFF), this.changeAssignmentPublishedStatus(true).bind(this));
@@ -91,7 +91,6 @@ class AssignmentRoutes implements RoutesManager {
 delete assignment.gitlabCreationInfo;
 delete assignment.gitlabLastInfo;
 delete assignment.gitlabLastInfoDate;
- delete assignment.useSonar;
 delete assignment.staff;
 delete assignment.exercises;
 }
diff --git a/ExpressAPI/src/shared b/ExpressAPI/src/shared
index 4d1e63ebbbe7e6fec1de74d79a2919047eea5775..bf8d6180e6d86bf97bd8e8b16ee00826172ed287 160000
--- a/ExpressAPI/src/shared
+++ b/ExpressAPI/src/shared
@@ -1 +1 @@
-Subproject commit 4d1e63ebbbe7e6fec1de74d79a2919047eea5775
+Subproject commit bf8d6180e6d86bf97bd8e8b16ee00826172ed287
diff --git a/ExpressAPI/src/types/SecurityCheckType.ts b/ExpressAPI/src/types/SecurityCheckType.ts
index 8b1df516d5af0333b5326ed85254fb41d7ee98de..018ea88c53c7277ac1897f81d5e2cfb7d20436b0 100644
--- a/ExpressAPI/src/types/SecurityCheckType.ts
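Review bot: Switching this route from `check(true)` to `check(false, SecurityCheckType.ASSIGNMENT_SECRET, SecurityCheckType.USER)` means `getAssignment` can now run without an authenticated session, assuming the first argument is what made the session mandatory (the middleware signature is not visible here). Any use of `req.session.profile` inside `getAssignment` should therefore tolerate it being undefined; the only guard for that visible in this commit is the one in `AssignmentManager`. A comment on the route such as `// reachable with a valid assignment secret or with any authenticated user` would make the widened access explicit. A test that a request carrying neither credential is rejected would pin the behaviour.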
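Review bot: With `delete assignment.useSonar;` removed, `useSonar` stays on the object after this clean-up, so presumably it is now returned to callers who previously had it stripped. After the route change earlier in this file, that may include callers identified only by an assignment secret. If the exposure is intended, say so next to the remaining `delete` lines, e.g. `// useSonar is deliberately left visible to non-staff callers`. The enclosing function and the condition that guards these deletes start outside the hunk.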
+++ b/ExpressAPI/src/types/SecurityCheckType.ts
@@ -4,6 +4,7 @@ enum SecurityCheckType {
 ASSIGNMENT_IS_PUBLISHED = 'assignmentIsPublished',
 EXERCISE_SECRET = 'exerciseSecret',
 ASSIGNMENT_SECRET = 'assignmentSecret',
+ USER = 'user',
 }