Merge branch 'dev' into feat/232-assignments-pagina-ui-ux

backend/src/middleware/auth/checks/submission-checks.ts

@@ -7,6 +7,9 @@ import { authorize } from './auth-checks.js';
 import { FALLBACK_LANG } from '../../../config.js';
 import { mapToUsername } from '../../../interfaces/user.js';
 import { AccountType } from '@dwengo-1/common/util/account-types';
+import { fetchClass } from '../../../services/classes.js';
+import { fetchGroup } from '../../../services/groups.js';
+import { requireFields } from '../../../controllers/error-helper.js';
 
 export const onlyAllowSubmitter = authorize(
     (auth: AuthenticationInfo, req: AuthenticatedRequest) => (req.body as { submitter: string }).submitter === auth.username
@@ -26,3 +29,17 @@ export const onlyAllowIfHasAccessToSubmission = authorize(async (auth: Authentic
 
     return submission.onBehalfOf.members.map(mapToUsername).includes(auth.username);
 });
+
+export const onlyAllowIfHasAccessToSubmissionFromParams = authorize(async (auth: AuthenticationInfo, req: AuthenticatedRequest) => {
+    const { classId, assignmentId, groupId } = req.query;
+
+    requireFields({ classId, assignmentId, groupId });
+
+    if (auth.accountType === AccountType.Teacher) {
+        const cls = await fetchClass(classId as string);
+        return cls.teachers.map(mapToUsername).includes(auth.username);
+    }
+
+    const group = await fetchGroup(classId as string, Number(assignmentId as string), Number(groupId as string));
+    return group.members.map(mapToUsername).includes(auth.username);
+});

backend/src/routes/submissions.ts

@@ -1,10 +1,14 @@
 import express from 'express';
 import { createSubmissionHandler, deleteSubmissionHandler, getSubmissionHandler, getSubmissionsHandler } from '../controllers/submissions.js';
-import { onlyAllowIfHasAccessToSubmission, onlyAllowSubmitter } from '../middleware/auth/checks/submission-checks.js';
+import {
-import { adminOnly, studentsOnly } from '../middleware/auth/checks/auth-checks.js';
+    onlyAllowIfHasAccessToSubmission,
+    onlyAllowIfHasAccessToSubmissionFromParams,
+    onlyAllowSubmitter,
+} from '../middleware/auth/checks/submission-checks.js';
+import { studentsOnly } from '../middleware/auth/checks/auth-checks.js';
 const router = express.Router({ mergeParams: true });
 
-router.get('/', adminOnly, getSubmissionsHandler);
+router.get('/', onlyAllowIfHasAccessToSubmissionFromParams, getSubmissionsHandler);
 
 router.post('/', studentsOnly, onlyAllowSubmitter, createSubmissionHandler);
 

frontend/src/components/MenuBar.vue

@@ -149,7 +149,8 @@
             </template>
 
             <template v-slot:default="{ isActive }">
-                <v-card :title="t('logoutVerification')">
+                <v-card>
+                    <v-card-title class="logout-verification-title">{{ t("logoutVerification") }}</v-card-title>
                     <v-card-actions>
                         <v-spacer></v-spacer>
 
@@ -298,6 +299,13 @@
         margin-left: 10px;
     }
 
+    .logout-verification-title {
+        word-wrap: break-word;
+        overflow-wrap: break-word;
+        white-space: normal;
+        text-overflow: unset;
+    }
+
     @media (max-width: 700px) {
         .menu {
             display: none;