tdpeuter/2025SELab2-project-Dwengo
tdpeuter/2025SELab2-project-Dwengo
1
Fork 0
Code Issues Releases 4 Packages 2 Wiki Activity

Merge remote-tracking branch 'origin/feat/endpoints-beschermen-met-authenticatie-#105' into feat/endpoints-beschermen-met-authenticatie-#105

Browse source 
# Conflicts:
#	backend/src/middleware/auth/checks/auth-checks.ts
#	backend/src/middleware/auth/checks/class-auth-checks.ts
#	backend/src/routes/teachers.ts
#	frontend/src/views/assignments/UserAssignments.vue
This commit is contained in:
Gabriellvl 2025-05-15 20:58:21 +02:00
commit 7da52284e6
40 changed files with 1042 additions and 541 deletions
Download patch file Download diff file Expand all files Collapse all files

4
backend/src/middleware/auth/checks/class-auth-checks.ts
View file

@ -3,7 +3,7 @@ import { AuthenticationInfo } from '../authentication-info.js';
import { AuthenticatedRequest } from '../authenticated-request.js';
import { fetchClass } from '../../../services/classes.js';
import { mapToUsername } from '../../../interfaces/user.js';
import {getAllInvitations} from "../../../services/teacher-invitations";
import { getAllInvitations } from '../../../services/teacher-invitations.js';
import {AccountType} from "@dwengo-1/common/util/account-types";
async function teaches(teacherUsername: string, classId: string): Promise<boolean> {
@ -51,7 +51,7 @@ export const onlyAllowIfInClassOrInvited = authorize(async (auth: Authentication
const clazz = await fetchClass(classId);
if (auth.accountType === AccountType.Teacher) {
const invitations = await getAllInvitations(auth.username, false);
return clazz.teachers.map(mapToUsername).includes(auth.username) || invitations.some(invitation => invitation.classId === classId);
return clazz.teachers.map(mapToUsername).includes(auth.username) || invitations.some((invitation) => invitation.classId === classId);
}
return clazz.students.map(mapToUsername).includes(auth.username);
});