fix: verboden om PUT request naar group te sturen met studenten die niet tot klas behoren
		
							parent
							
								
									f1e9e3a8d6
								
							
						
					
					
						commit
						6fe20dc2fe
					
				
					 2 changed files with 25 additions and 8 deletions
				
			
		|  | @ -35,7 +35,11 @@ export async function putGroupHandler(req: Request, res: Response): Promise<void | ||||||
|     const groupId = parseInt(req.params.groupid); |     const groupId = parseInt(req.params.groupid); | ||||||
|     checkGroupFields(classId, assignmentId, groupId); |     checkGroupFields(classId, assignmentId, groupId); | ||||||
| 
 | 
 | ||||||
|     const group = await putGroup(classId, assignmentId, groupId, req.body as Partial<EntityDTO<Group>>); |     // only members field can be changed
 | ||||||
|  |     const members = req.body.members; | ||||||
|  |     requireFields({ members }); | ||||||
|  | 
 | ||||||
|  |     const group = await putGroup(classId, assignmentId, groupId, { members } as Partial<GroupDTO>); | ||||||
| 
 | 
 | ||||||
|     res.json({ group }); |     res.json({ group }); | ||||||
| } | } | ||||||
|  |  | ||||||
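Review bot: `requireFields({ members })` appears to check only that the field is present, so a `members` value that is a string, an object or an array of non-strings would still reach `putGroup`, where the other file casts it with `groupData.members as string[]` and passes it to `fetchStudents`. Since `req.body` is client-controlled, the handler should validate the shape before the call, e.g. `if (!Array.isArray(members) || !members.every((m) => typeof m === 'string'))` followed by the project's bad-request error. `requireFields` is defined outside this hunk, so confirm what it actually rejects. The start of `putGroupHandler` is also outside the hunk.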
|  | @ -11,6 +11,14 @@ import { putObject } from './service-helper.js'; | ||||||
| import { fetchStudents } from './students.js'; | import { fetchStudents } from './students.js'; | ||||||
| import { fetchClass } from './classes.js'; | import { fetchClass } from './classes.js'; | ||||||
| import { BadRequestException } from '../exceptions/bad-request-exception.js'; | import { BadRequestException } from '../exceptions/bad-request-exception.js'; | ||||||
|  | import { Student } from '../entities/users/student.entity.js'; | ||||||
|  | import { Class } from '../entities/classes/class.entity.js'; | ||||||
|  | 
 | ||||||
|  | async function assertMembersInClass(members: Student[], cls: Class): Promise<void> { | ||||||
|  |     if (!members.every(student => cls.students.contains(student))) { | ||||||
|  |         throw new BadRequestException("Student does not belong to class"); | ||||||
|  |     } | ||||||
|  | } | ||||||
| 
 | 
 | ||||||
| export async function fetchGroup(classId: string, assignmentNumber: number, groupNumber: number): Promise<Group> { | export async function fetchGroup(classId: string, assignmentNumber: number, groupNumber: number): Promise<Group> { | ||||||
|     const assignment = await fetchAssignment(classId, assignmentNumber); |     const assignment = await fetchAssignment(classId, assignmentNumber); | ||||||
|  | @ -34,11 +42,19 @@ export async function putGroup( | ||||||
|     classId: string, |     classId: string, | ||||||
|     assignmentNumber: number, |     assignmentNumber: number, | ||||||
|     groupNumber: number, |     groupNumber: number, | ||||||
|     groupData: Partial<EntityDTO<Group>> |     groupData: Partial<GroupDTO>, | ||||||
| ): Promise<GroupDTO> { | ): Promise<GroupDTO> { | ||||||
|     const group = await fetchGroup(classId, assignmentNumber, groupNumber); |     const group = await fetchGroup(classId, assignmentNumber, groupNumber); | ||||||
| 
 | 
 | ||||||
|     await putObject<Group>(group, groupData, getGroupRepository()); |     const memberUsernames = groupData.members as string[]; | ||||||
|  |     const members = await fetchStudents(memberUsernames); | ||||||
|  | 
 | ||||||
|  |     const cls = await fetchClass(classId); | ||||||
|  |     await assertMembersInClass(members, cls); | ||||||
|  | 
 | ||||||
|  |     const groupRepository = getGroupRepository(); | ||||||
|  |     groupRepository.assign(group, { members } as Partial<EntityDTO<Group>>); | ||||||
|  |     await groupRepository.getEntityManager().persistAndFlush(group); | ||||||
| 
 | 
 | ||||||
|     return mapToGroupDTO(group, group.assignment.within); |     return mapToGroupDTO(group, group.assignment.within); | ||||||
| } | } | ||||||
|  | @ -62,14 +78,11 @@ export async function getExistingGroupFromGroupDTO(groupData: GroupDTO): Promise | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| export async function createGroup(groupData: GroupDTO, classid: string, assignmentNumber: number): Promise<GroupDTO> { | export async function createGroup(groupData: GroupDTO, classid: string, assignmentNumber: number): Promise<GroupDTO> { | ||||||
|     const cls = await fetchClass(classid); |  | ||||||
| 
 |  | ||||||
|     const memberUsernames = (groupData.members as string[]) || []; |     const memberUsernames = (groupData.members as string[]) || []; | ||||||
|     const members = await fetchStudents(memberUsernames); |     const members = await fetchStudents(memberUsernames); | ||||||
| 
 | 
 | ||||||
|     if (!members.every(student => cls.students.contains(student))) { |     const cls = await fetchClass(classid); | ||||||
|         throw new BadRequestException("It is not allowed to add a student to a group when the student is not part of the class"); |     await assertMembersInClass(members, cls) | ||||||
|     } |  | ||||||
| 
 | 
 | ||||||
|     const assignment = await fetchAssignment(classid, assignmentNumber); |     const assignment = await fetchAssignment(classid, assignmentNumber); | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
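Review bot: `assertMembersInClass` is now the one check that keeps students from another class out of a group on both the create and PUT paths, but it has no doc comment, and its result depends on two things this diff does not show: that `fetchClass` returns `cls.students` loaded, and that `fetchStudents` fails on an unknown username rather than skipping it. I would add a comment above it such as `/** Throws BadRequestException unless every student is in cls.students; expects cls.students to be loaded. */` and cover the PUT path with a test that submits a username from a different class. On style, the helper is declared `async` without awaiting anything, and the new call in `createGroup` (`await assertMembersInClass(members, cls)`) is missing its semicolon. `createGroup`'s body continues past the end of the hunk.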
	
	 Adriaan Jacquet
						Adriaan Jacquet