From bb87971ed8462a89590e64893a54a6805829ca0d Mon Sep 17 00:00:00 2001
From: Joel von der Weid <joel.von-der-weid@hesge.ch>
Date: Wed, 12 Jun 2024 09:53:15 +0200
Subject: [PATCH] Change getAssignment to accept both a secret or a logged user
---
 ExpressAPI/.idea/vcs.xml | 1 +
 ExpressAPI/src/managers/AssignmentManager.ts | 3 +++
 ExpressAPI/src/middlewares/SecurityMiddleware.ts | 2 ++
 ExpressAPI/src/routes/AssignmentRoutes.ts | 3 +--
 ExpressAPI/src/types/SecurityCheckType.ts | 1 +
 5 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ExpressAPI/.idea/vcs.xml b/ExpressAPI/.idea/vcs.xml
index 058164e..17500a1 100644
--- a/ExpressAPI/.idea/vcs.xml
+++ b/ExpressAPI/.idea/vcs.xml
@@ -2,6 +2,7 @@
 <project version="4">
 <component name="VcsDirectoryMappings">
 <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+ <mapping directory="$PROJECT_DIR$/.idea/jetbrainsConfiguration" vcs="Git" />
 <mapping directory="$PROJECT_DIR$/src/shared" vcs="Git" />
 </component>
 </project>
\ No newline at end of file
diff --git a/ExpressAPI/src/managers/AssignmentManager.ts b/ExpressAPI/src/managers/AssignmentManager.ts
index de89970..c28bf22 100644
--- a/ExpressAPI/src/managers/AssignmentManager.ts
+++ b/ExpressAPI/src/managers/AssignmentManager.ts
@@ -5,6 +5,9 @@ import db from '../helpers/DatabaseHelper.js';
 class AssignmentManager {
 async isUserAllowedToAccessAssignment(assignment: Assignment, user: User): Promise<boolean> {
+ if (user === null || user === undefined) {
+ return false;
+ }
 if ( !assignment.staff ) {
 assignment.staff = await db.assignment.findUnique({
 where: {
diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
index 1b7edc4..93fdf4a 100644
--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
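Review bot: In `AssignmentManager.ts`, `isUserAllowedToAccessAssignment` now tests `user` for `null`/`undefined` while its signature still declares `user: User`, so the type hides the one case this guard exists for. Widening the parameter to `user: User | null | undefined` and writing the test as `if (user == null) return false;` would let the compiler flag callers that pass a missing session user. Since the route change in this commit lets requests through without a login, this guard looks like the only thing keeping such callers out of the staff path, which deserves a comment such as `// no logged-in user (secret-only request): never treated as staff`. The method body continues past the end of the hunk.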
@@ -14,6 +14,8 @@ class SecurityMiddleware {
 private async checkType(checkType: SecurityCheckType, req: express.Request): Promise<boolean> {
 try {
 switch ( String(checkType) ) {
+ case SecurityCheckType.USER.valueOf():
+ return this.checkIfConnected(true, req);
 case SecurityCheckType.ADMIN.valueOf():
 return req.session.profile.isAdmin;
 case SecurityCheckType.TEACHING_STAFF.valueOf():
diff --git a/ExpressAPI/src/routes/AssignmentRoutes.ts b/ExpressAPI/src/routes/AssignmentRoutes.ts
index ee123f2..deade95 100644
--- a/ExpressAPI/src/routes/AssignmentRoutes.ts
+++ b/ExpressAPI/src/routes/AssignmentRoutes.ts
@@ -85,7 +85,7 @@ class AssignmentRoutes implements RoutesManager {
 };
 registerOnBackend(backend: Express) {
- backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(true), this.getAssignment.bind(this) as RequestHandler);
+ backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(false, SecurityCheckType.ASSIGNMENT_SECRET, SecurityCheckType.USER), this.getAssignment.bind(this) as RequestHandler);
 backend.post('/assignments', SecurityMiddleware.check(true, SecurityCheckType.TEACHING_STAFF), ParamsValidatorMiddleware.validate(this.assignmentValidator), this.createAssignment.bind(this) as RequestHandler);
 backend.get('/assignments/languages', this.getLanguages.bind(this) as RequestHandler);
@@ -109,7 +109,6 @@ class AssignmentRoutes implements RoutesManager {
 delete assignment.gitlabCreationInfo;
 delete assignment.gitlabLastInfo;
 delete assignment.gitlabLastInfoDate;
- delete assignment.useSonar;
 delete assignment.staff;
 delete assignment.exercises;
 }
diff --git a/ExpressAPI/src/types/SecurityCheckType.ts b/ExpressAPI/src/types/SecurityCheckType.ts
index 9cbb61b..68ac8e3 100644
--- a/ExpressAPI/src/types/SecurityCheckType.ts
+++ b/ExpressAPI/src/types/SecurityCheckType.ts
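Review bot: In `SecurityMiddleware.checkType`, the new `USER` case does `return this.checkIfConnected(true, req);` inside the `try`, and `checkIfConnected` is not visible in this hunk. If that helper is async, returning its promise without `await` lets a rejection skip whatever `catch` follows, so `return await this.checkIfConnected(true, req);` would keep a failure on the deny path. The bare `true` is also opaque at the call site; a short comment saying what the flag controls would help. The `try` and the `switch` both close outside the hunk.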
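Review bot: In `AssignmentRoutes.registerOnBackend`, the `GET /assignments/:assignmentNameOrUrl` guard now depends on how `SecurityMiddleware.check` combines `ASSIGNMENT_SECRET` and `USER`, and that logic is neither visible in this patch nor documented on the route. The commit title implies either one suffices; with `check(false, …)` the handler can then run with no session at all, so `getAssignment` should be checked for unguarded reads of `req.session.profile`. A comment above the line, e.g. `// allowed with a valid assignment secret OR a logged-in session`, and tests for secret-only, session-only and neither would pin the intent. The later hunk in this file stops deleting `useSonar` from what appears to be the stripped-down assignment object, so that field now reaches these callers too; confirm that is intended.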
@@ -6,6 +6,7 @@ enum SecurityCheckType {
 ASSIGNMENT_IS_PUBLISHED = 'assignmentIsPublished',
 EXERCISE_SECRET = 'exerciseSecret',
 ASSIGNMENT_SECRET = 'assignmentSecret',
+ USER = 'user',
 }
-- GitLab