Change getAssignment to accept both a secret or a logged user

bb87971e · joel.vonderwe · michael.minelli · 554759b0 · bb87971e · bb87971e
Commit bb87971e authored 1 year ago by joel.vonderwe Committed by michael.minelli 4 months ago
--- a/ExpressAPI/.idea/vcs.xml
+++ b/ExpressAPI/.idea/vcs.xml
@@ -2,6 +2,7 @@
 <project version="4">
  <component name="VcsDirectoryMappings">
    <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+    <mapping directory="$PROJECT_DIR$/.idea/jetbrainsConfiguration" vcs="Git" />
    <mapping directory="$PROJECT_DIR$/src/shared" vcs="Git" />
  </component>
 </project>
\ No newline at end of file
--- a/ExpressAPI/src/managers/AssignmentManager.ts
+++ b/ExpressAPI/src/managers/AssignmentManager.ts
@@ -5,6 +5,9 @@ import db                   from '../helpers/DatabaseHelper.js';

 class AssignmentManager {
    async isUserAllowedToAccessAssignment(assignment: Assignment, user: User): Promise<boolean> {
+        if (user === null || user === undefined) {
+            return false;
+        }
        if ( !assignment.staff ) {
            assignment.staff = await db.assignment.findUnique({
                                                                  where: {

--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -14,6 +14,8 @@ class SecurityMiddleware {
    private async checkType(checkType: SecurityCheckType, req: express.Request): Promise<boolean> {
        try {
            switch ( String(checkType) ) {
+                case SecurityCheckType.USER.valueOf():
+                    return this.checkIfConnected(true, req);
                case SecurityCheckType.ADMIN.valueOf():
                    return req.session.profile.isAdmin;
                case SecurityCheckType.TEACHING_STAFF.valueOf():

--- a/ExpressAPI/src/routes/AssignmentRoutes.ts
+++ b/ExpressAPI/src/routes/AssignmentRoutes.ts
@@ -85,7 +85,7 @@ class AssignmentRoutes implements RoutesManager {
    };

    registerOnBackend(backend: Express) {
-        backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(true), this.getAssignment.bind(this) as RequestHandler);
+        backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(false, SecurityCheckType.ASSIGNMENT_SECRET, SecurityCheckType.USER), this.getAssignment.bind(this) as RequestHandler);
        backend.post('/assignments', SecurityMiddleware.check(true, SecurityCheckType.TEACHING_STAFF), ParamsValidatorMiddleware.validate(this.assignmentValidator), this.createAssignment.bind(this) as RequestHandler);

        backend.get('/assignments/languages', this.getLanguages.bind(this) as RequestHandler);
@@ -109,7 +109,6 @@ class AssignmentRoutes implements RoutesManager {
                delete assignment.gitlabCreationInfo;
                delete assignment.gitlabLastInfo;
                delete assignment.gitlabLastInfoDate;
-                delete assignment.useSonar;
                delete assignment.staff;
                delete assignment.exercises;
            }

--- a/ExpressAPI/src/types/SecurityCheckType.ts
+++ b/ExpressAPI/src/types/SecurityCheckType.ts
@@ -6,6 +6,7 @@ enum SecurityCheckType {
    ASSIGNMENT_IS_PUBLISHED = 'assignmentIsPublished',
    EXERCISE_SECRET         = 'exerciseSecret',
    ASSIGNMENT_SECRET       = 'assignmentSecret',
+    USER                    = 'user',
 }