tdpeuter/2025SELab2-project-Dwengo
tdpeuter/2025SELab2-project-Dwengo
1
Fork 0
Code Issues Releases 4 Packages 2 Wiki Activity

refactor: prevent impersonation middelware

Browse source
This commit is contained in:
Gabriellvl 2025-05-15 20:52:47 +02:00
parent a5e4f2437b
commit 26a01f0f30
5 changed files with 20 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

12
backend/src/routes/teachers.ts
View file

@ -12,7 +12,7 @@ import {
} from '../controllers/teachers.js';
import invitationRouter from './teacher-invitations.js';
import { adminOnly } from '../middleware/auth/checks/auth-checks.js';
import { onlyAllowUserHimself } from '../middleware/auth/checks/user-auth-checks.js';
import { preventImpersonation } from '../middleware/auth/checks/user-auth-checks.js';
import { onlyAllowTeacherOfClass } from '../middleware/auth/checks/class-auth-checks.js';
const router = express.Router();
@ -21,15 +21,15 @@ router.get('/', adminOnly, getAllTeachersHandler);
router.post('/', adminOnly, createTeacherHandler);
router.get('/:username', onlyAllowUserHimself, getTeacherHandler);
router.get('/:username', preventImpersonation, getTeacherHandler);
router.delete('/:username', onlyAllowUserHimself, deleteTeacherHandler);
router.delete('/:username', preventImpersonation, deleteTeacherHandler);
router.get('/:username/classes', onlyAllowUserHimself, getTeacherClassHandler);
router.get('/:username/classes', preventImpersonation, getTeacherClassHandler);
router.get('/:username/students', onlyAllowUserHimself, getTeacherStudentHandler);
router.get('/:username/students', preventImpersonation, getTeacherStudentHandler);
router.get('/:username/questions', onlyAllowUserHimself, getTeacherQuestionHandler);
router.get('/:username/questions', preventImpersonation, getTeacherQuestionHandler);
router.get('/:username/joinRequests/:classId', onlyAllowTeacherOfClass, getStudentJoinRequestHandler);