From 9102268be1f9af14b9e452eb069f05ae3860bda6 Mon Sep 17 00:00:00 2001
From: Adriaan Jacquet <adriaanjacquet@gmail.com>
Date: Tue, 22 Apr 2025 15:34:37 +0200
Subject: [PATCH] feat: assignment permissies geupdate

---
 .../auth/checks/assignment-auth-checks.ts     | 13 +++++------
 backend/src/routes/assignments.ts             | 22 +++++--------------
 backend/src/services/groups.ts                |  9 ++++++++
 3 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/backend/src/middleware/auth/checks/assignment-auth-checks.ts b/backend/src/middleware/auth/checks/assignment-auth-checks.ts
index e9b284c4..11199bb1 100644
--- a/backend/src/middleware/auth/checks/assignment-auth-checks.ts
+++ b/backend/src/middleware/auth/checks/assignment-auth-checks.ts
@@ -1,7 +1,7 @@
 import {authorize} from "./auth-checks";
-import {fetchAssignment, getAssignment} from "../../../services/assignments";
-import {fetchClass, getClass} from "../../../services/classes";
-import {getAllGroups} from "../../../services/groups";
+import {fetchAssignment} from "../../../services/assignments";
+import {fetchClass} from "../../../services/classes";
+import {fetchAllGroups} from "../../../services/groups";
 import {mapToUsername} from "../../../interfaces/user";
 
 /**
@@ -13,13 +13,12 @@ import {mapToUsername} from "../../../interfaces/user";
 export const onlyAllowIfHasAccessToAssignment = authorize(
     async (auth, req) => {
         const { classid: classId, id: assignmentId } = req.params as { classid: string, id: number };
-        const assignment = await fetchAssignment(classId, assignmentId);
         if (auth.accountType === "teacher") {
-            const clazz = await fetchClass(assignment.class);
+            const clazz = await fetchClass(classId);
             return clazz.teachers.map(mapToUsername).includes(auth.username);
         } else {
-            const groups = await getAllGroups(classId, assignmentId, false);
-            return groups.some(group => group.members.map(mapToUsername).includes(auth.username) );
+            const groups = await fetchAllGroups(classId, assignmentId);
+            return groups.some(group => group.members.map((member) => member.username).includes(auth.username) );
         }
     }
 );
diff --git a/backend/src/routes/assignments.ts b/backend/src/routes/assignments.ts
index 5173a274..8bf42022 100644
--- a/backend/src/routes/assignments.ts
+++ b/backend/src/routes/assignments.ts
@@ -9,32 +9,22 @@ import {
 } from '../controllers/assignments.js';
 import groupRouter from './groups.js';
 import {adminOnly, teachersOnly} from "../middleware/auth/checks/auth-checks";
-import {onlyAllowOwnClassInBody} from "../middleware/auth/checks/class-auth-checks";
+import {onlyAllowIfInClass, onlyAllowOwnClassInBody} from "../middleware/auth/checks/class-auth-checks";
 import {onlyAllowIfHasAccessToAssignment} from "../middleware/auth/checks/assignment-auth-checks";
 
 const router = express.Router({ mergeParams: true });
 
-router.get('/', getAllAssignmentsHandler);
-// Root endpoint used to search objects
-router.get('/', adminOnly, getAllAssignmentsHandler);
+router.get('/', teachersOnly, onlyAllowIfInClass, getAllAssignmentsHandler);
 
-router.post('/', teachersOnly, onlyAllowOwnClassInBody, createAssignmentHandler);
+router.post('/', teachersOnly, onlyAllowIfInClass, createAssignmentHandler);
 
-router.get('/:id', getAssignmentHandler);
-// Information about an assignment with id 'id'
 router.get('/:id', onlyAllowIfHasAccessToAssignment, getAssignmentHandler);
 
-router.put('/:id', putAssignmentHandler);
+router.put('/:id', teachersOnly, onlyAllowIfHasAccessToAssignment, putAssignmentHandler);
 
-router.delete('/:id', deleteAssignmentHandler);
+router.delete('/:id', teachersOnly, onlyAllowIfHasAccessToAssignment, deleteAssignmentHandler);
 
-router.get('/:id/submissions', onlyAllowIfHasAccessToAssignment, getAssignmentsSubmissionsHandler);
-
-router.get('/:id/questions', onlyAllowIfHasAccessToAssignment, (_req, res) => {
-    res.json({
-        questions: ['0'],
-    });
-});
+router.get('/:id/submissions', teachersOnly, onlyAllowIfHasAccessToAssignment, getAssignmentsSubmissionsHandler);
 
 router.use('/:assignmentid/groups', groupRouter);
 
diff --git a/backend/src/services/groups.ts b/backend/src/services/groups.ts
index 3c6f2919..b94d435c 100644
--- a/backend/src/services/groups.ts
+++ b/backend/src/services/groups.ts
@@ -22,6 +22,15 @@ export async function fetchGroup(classId: string, assignmentNumber: number, grou
     return group;
 }
 
+export async function fetchAllGroups(classId: string, assignmentNumber: number): Promise<Group[]> {
+    const assignment = await fetchAssignment(classId, assignmentNumber);
+
+    const groupRepository = getGroupRepository();
+    const groups = await groupRepository.findAllGroupsForAssignment(assignment);
+
+    return groups;
+}
+
 export async function getGroup(classId: string, assignmentNumber: number, groupNumber: number): Promise<GroupDTO> {
     const group = await fetchGroup(classId, assignmentNumber, groupNumber);
     return mapToGroupDTO(group);