tdpeuter/2025SELab2-project-Dwengo
tdpeuter/2025SELab2-project-Dwengo
1
Fork 0
Code Issues Releases 4 Packages 2 Wiki Activity

feat: assignment permissies geupdate

Browse source
This commit is contained in:
Adriaan Jacquet 2025-04-22 15:34:37 +02:00
parent cb4f6a512d
commit 9102268be1
3 changed files with 21 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

13
backend/src/middleware/auth/checks/assignment-auth-checks.ts
View file

@ -1,7 +1,7 @@
import {authorize} from "./auth-checks";
import {fetchAssignment, getAssignment} from "../../../services/assignments";
import {fetchClass, getClass} from "../../../services/classes";
import {getAllGroups} from "../../../services/groups";
import {fetchAssignment} from "../../../services/assignments";
import {fetchClass} from "../../../services/classes";
import {fetchAllGroups} from "../../../services/groups";
import {mapToUsername} from "../../../interfaces/user";
/**
@ -13,13 +13,12 @@ import {mapToUsername} from "../../../interfaces/user";
export const onlyAllowIfHasAccessToAssignment = authorize(
async (auth, req) => {
const { classid: classId, id: assignmentId } = req.params as { classid: string, id: number };
const assignment = await fetchAssignment(classId, assignmentId);
if (auth.accountType === "teacher") {
const clazz = await fetchClass(assignment.class);
const clazz = await fetchClass(classId);
return clazz.teachers.map(mapToUsername).includes(auth.username);
} else {
const groups = await getAllGroups(classId, assignmentId, false);
return groups.some(group => group.members.map(mapToUsername).includes(auth.username) );
const groups = await fetchAllGroups(classId, assignmentId);
return groups.some(group => group.members.map((member) => member.username).includes(auth.username) );
}
}
);

22
backend/src/routes/assignments.ts
View file

@ -9,32 +9,22 @@ import {
} from '../controllers/assignments.js';
import groupRouter from './groups.js';
import {adminOnly, teachersOnly} from "../middleware/auth/checks/auth-checks";
import {onlyAllowOwnClassInBody} from "../middleware/auth/checks/class-auth-checks";
import {onlyAllowIfInClass, onlyAllowOwnClassInBody} from "../middleware/auth/checks/class-auth-checks";
import {onlyAllowIfHasAccessToAssignment} from "../middleware/auth/checks/assignment-auth-checks";
const router = express.Router({ mergeParams: true });
router.get('/', getAllAssignmentsHandler);
// Root endpoint used to search objects
router.get('/', adminOnly, getAllAssignmentsHandler);
router.get('/', teachersOnly, onlyAllowIfInClass, getAllAssignmentsHandler);
router.post('/', teachersOnly, onlyAllowOwnClassInBody, createAssignmentHandler);
router.post('/', teachersOnly, onlyAllowIfInClass, createAssignmentHandler);
router.get('/:id', getAssignmentHandler);
// Information about an assignment with id 'id'
router.get('/:id', onlyAllowIfHasAccessToAssignment, getAssignmentHandler);
router.put('/:id', putAssignmentHandler);
router.put('/:id', teachersOnly, onlyAllowIfHasAccessToAssignment, putAssignmentHandler);
router.delete('/:id', deleteAssignmentHandler);
router.delete('/:id', teachersOnly, onlyAllowIfHasAccessToAssignment, deleteAssignmentHandler);
router.get('/:id/submissions', onlyAllowIfHasAccessToAssignment, getAssignmentsSubmissionsHandler);
router.get('/:id/questions', onlyAllowIfHasAccessToAssignment, (_req, res) => {
res.json({
questions: ['0'],
});
});
router.get('/:id/submissions', teachersOnly, onlyAllowIfHasAccessToAssignment, getAssignmentsSubmissionsHandler);
router.use('/:assignmentid/groups', groupRouter);

9
backend/src/services/groups.ts
View file

@ -22,6 +22,15 @@ export async function fetchGroup(classId: string, assignmentNumber: number, grou
return group;
}
export async function fetchAllGroups(classId: string, assignmentNumber: number): Promise<Group[]> {
const assignment = await fetchAssignment(classId, assignmentNumber);
const groupRepository = getGroupRepository();
const groups = await groupRepository.findAllGroupsForAssignment(assignment);
return groups;
}
export async function getGroup(classId: string, assignmentNumber: number, groupNumber: number): Promise<GroupDTO> {
const group = await fetchGroup(classId, assignmentNumber, groupNumber);
return mapToGroupDTO(group);