Change getAssignment to accept both a secret or a logged user

b118eeae · joel.vonderwe · 5adda6d7 · b118eeae · b118eeae · b118eeae
Commit b118eeae authored 11 months ago by joel.vonderwe
--- a/ExpressAPI/.idea/vcs.xml
+++ b/ExpressAPI/.idea/vcs.xml
@@ -2,6 +2,7 @@
 <project version="4">
  <component name="VcsDirectoryMappings">
    <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+    <mapping directory="$PROJECT_DIR$/.idea/jetbrainsConfiguration" vcs="Git" />
    <mapping directory="$PROJECT_DIR$/src/shared" vcs="Git" />
  </component>
 </project>
\ No newline at end of file
--- a/ExpressAPI/src/managers/AssignmentManager.ts
+++ b/ExpressAPI/src/managers/AssignmentManager.ts
@@ -5,6 +5,9 @@ import db                   from '../helpers/DatabaseHelper';

 class AssignmentManager {
    async isUserAllowedToAccessAssignment(assignment: Assignment, user: User): Promise<boolean> {
+        if (user === null || user === undefined) {
+            return false;
+        }
        if ( !assignment.staff ) {
            assignment.staff = await db.assignment.findUnique({
                                                                  where: {

--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -21,6 +21,9 @@ class SecurityMiddleware {
                for ( const checkType of checkTypes ) {
                    try {
                        switch ( String(checkType) ) {
+                            case SecurityCheckType.USER:
+                                isAllowed = isAllowed || (req.session.profile !== null && req.session.profile !== undefined);
+                                break;
                            case SecurityCheckType.TEACHING_STAFF:
                                isAllowed = isAllowed || req.session.profile.isTeachingStaff;
                                break;

--- a/ExpressAPI/src/routes/AssignmentRoutes.ts
+++ b/ExpressAPI/src/routes/AssignmentRoutes.ts
@@ -71,7 +71,7 @@ class AssignmentRoutes implements RoutesManager {
    registerOnBackend(backend: Express) {
        backend.get('/assignments/languages', this.getLanguages.bind(this));

-        backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(true), this.getAssignment.bind(this));
+        backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(false, SecurityCheckType.ASSIGNMENT_SECRET, SecurityCheckType.USER), this.getAssignment.bind(this));
        backend.post('/assignments', SecurityMiddleware.check(true, SecurityCheckType.TEACHING_STAFF), ParamsValidatorMiddleware.validate(this.assignmentValidator), this.createAssignment.bind(this));

        backend.patch('/assignments/:assignmentNameOrUrl/publish', SecurityMiddleware.check(true, SecurityCheckType.ASSIGNMENT_STAFF), this.changeAssignmentPublishedStatus(true).bind(this));
@@ -91,7 +91,6 @@ class AssignmentRoutes implements RoutesManager {
            delete assignment.gitlabCreationInfo;
            delete assignment.gitlabLastInfo;
            delete assignment.gitlabLastInfoDate;
-            delete assignment.useSonar;
            delete assignment.staff;
            delete assignment.exercises;
        }

--- a/shared @ bf8d6180
+++ b/shared @ bf8d6180
-Subproject commit 4d1e63ebbbe7e6fec1de74d79a2919047eea5775
+Subproject commit bf8d6180e6d86bf97bd8e8b16ee00826172ed287
--- a/ExpressAPI/src/types/SecurityCheckType.ts
+++ b/ExpressAPI/src/types/SecurityCheckType.ts
@@ -4,6 +4,7 @@ enum SecurityCheckType {
    ASSIGNMENT_IS_PUBLISHED = 'assignmentIsPublished',
    EXERCISE_SECRET         = 'exerciseSecret',
    ASSIGNMENT_SECRET       = 'assignmentSecret',
+    USER                    = 'user',
 }