From 1aa823bf5c37e7d3b4d1c7fbc4a2e8edec79ac85 Mon Sep 17 00:00:00 2001
From: Tibo De Peuter
Date: Mon, 19 May 2025 12:17:03 +0200
Subject: [PATCH] fix(backend): onlyAllowSubmitter username opvragen
---
 backend/src/middleware/auth/checks/submission-checks.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/backend/src/middleware/auth/checks/submission-checks.ts b/backend/src/middleware/auth/checks/submission-checks.ts
index 7cd75c8d..46d901e0 100644
--- a/backend/src/middleware/auth/checks/submission-checks.ts
+++ b/backend/src/middleware/auth/checks/submission-checks.ts
@@ -10,9 +10,14 @@ import { AccountType } from '@dwengo-1/common/util/account-types';
 import { fetchClass } from '../../../services/classes.js';
 import { fetchGroup } from '../../../services/groups.js';
 import { requireFields } from '../../../controllers/error-helper.js';
+import { SubmissionDTO } from '@dwengo-1/common/interfaces/submission';
 export const onlyAllowSubmitter = authorize(
- (auth: AuthenticationInfo, req: AuthenticatedRequest) => (req.body as { submitter: string }).submitter === auth.username
+ (auth: AuthenticationInfo, req: AuthenticatedRequest) => {
+ const submittedFor = (req.body as SubmissionDTO).submitter.username;
+ const submittedBy = auth.username;
+ return submittedFor === submittedBy;
+ }
 );
 export const onlyAllowIfHasAccessToSubmission = authorize(async (auth: AuthenticationInfo, req: AuthenticatedRequest) => {
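Review bot: `(req.body as SubmissionDTO).submitter.username` in the new `onlyAllowSubmitter` predicate dereferences a client-supplied body without checking its shape. The cast is erased at runtime, so a request whose body has no `submitter` (or a `null` one) throws a TypeError inside the authorization check instead of producing a clean denial. How that error surfaces depends on `authorize`, which is not visible in this hunk, so the predicate should fail closed on its own: `const submittedFor = (req.body as Partial<SubmissionDTO> | undefined)?.submitter?.username;` followed by `return typeof submittedFor === 'string' && submittedFor === submittedBy;`. It is also worth confirming that the handler behind this middleware takes the submitter from this same field (or from `auth`), so the value checked here is the value that is later acted on.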