feat(backend): Bescherming van leerobject-manipulatie endpoints.

Ook delete route voor leerobjecten toegevoegd.

backend/src/services/learning-objects/learning-object-service.ts

@@ -11,6 +11,7 @@ import {getLearningObjectRepository, getTeacherRepository} from "../../data/repo
 import {processLearningObjectZip} from "./learning-object-zip-processing-service";
 import {LearningObject} from "../../entities/content/learning-object.entity";
 import { LearningObjectIdentifier } from '../../entities/content/learning-object-identifier.js';
+import { NotFoundException } from '../../exceptions/not-found-exception.js';
 
 function getProvider(id: LearningObjectIdentifierDTO): LearningObjectProvider {
     if (id.hruid.startsWith(getEnvVar(envVars.UserContentPrefix))) {
@@ -92,6 +93,19 @@ const learningObjectService = {
     async deleteLearningObject(id: LearningObjectIdentifier): Promise<LearningObject | null> {
         const learningObjectRepository = getLearningObjectRepository();
         return await learningObjectRepository.removeByIdentifier(id);
+    },
+
+    /**
+     * Returns a list of the usernames of the administrators of the learning object with the given identifier.
+     * @throws NotFoundException if the specified learning object was not found in the database.
+     */
+    async getAdmins(id: LearningObjectIdentifier): Promise<string[]> {
+        const learningObjectRepo = getLearningObjectRepository();
+        const learningObject = await learningObjectRepo.findByIdentifier(id);
+        if (!learningObject) {
+            throw new NotFoundException("The specified learning object does not exist.");
+        }
+        return learningObject.admins.map(admin => admin.username);
     }
 };