tdpeuter/2025SELab2-project-Dwengo
tdpeuter/2025SELab2-project-Dwengo
1
Fork 0
Code Issues Releases 4 Packages 2 Wiki Activity

fix(backend): onlyAllowSubmitter username opvragen

Browse source
This commit is contained in:
Tibo De Peuter 2025-05-19 12:17:03 +02:00
parent 3ca516b490
commit 1aa823bf5c
Signed by: tdpeuter
GPG key ID: 38297DE43F75FFE2
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
backend/src/middleware/auth/checks/submission-checks.ts
View file

@ -10,9 +10,14 @@ import { AccountType } from '@dwengo-1/common/util/account-types';
import { fetchClass } from '../../../services/classes.js'; import { fetchClass } from '../../../services/classes.js';
import { fetchGroup } from '../../../services/groups.js'; import { fetchGroup } from '../../../services/groups.js';
import { requireFields } from '../../../controllers/error-helper.js'; import { requireFields } from '../../../controllers/error-helper.js';
import { SubmissionDTO } from '@dwengo-1/common/interfaces/submission';
export const onlyAllowSubmitter = authorize( export const onlyAllowSubmitter = authorize(
(auth: AuthenticationInfo, req: AuthenticatedRequest) => (req.body as { submitter: string }).submitter === auth.username (auth: AuthenticationInfo, req: AuthenticatedRequest) => {
const submittedFor = (req.body as SubmissionDTO).submitter.username;
const submittedBy = auth.username;
return submittedFor === submittedBy;
}
); );
export const onlyAllowIfHasAccessToSubmission = authorize(async (auth: AuthenticationInfo, req: AuthenticatedRequest) => { export const onlyAllowIfHasAccessToSubmission = authorize(async (auth: AuthenticationInfo, req: AuthenticatedRequest) => {