feat: assignment permissies geupdate
This commit is contained in:
Adriaan Jacquet
parent
cb4f6a512d
commit
9102268be1
3 changed files with 21 additions and 23 deletions
|
|
@ -1,7 +1,7 @@
|
||||||
import {authorize} from "./auth-checks";
|
import {authorize} from "./auth-checks";
|
||||||
import {fetchAssignment, getAssignment} from "../../../services/assignments";
|
import {fetchAssignment} from "../../../services/assignments";
|
||||||
import {fetchClass, getClass} from "../../../services/classes";
|
import {fetchClass} from "../../../services/classes";
|
||||||
import {getAllGroups} from "../../../services/groups";
|
import {fetchAllGroups} from "../../../services/groups";
|
||||||
import {mapToUsername} from "../../../interfaces/user";
|
import {mapToUsername} from "../../../interfaces/user";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -13,13 +13,12 @@ import {mapToUsername} from "../../../interfaces/user";
|
||||||
export const onlyAllowIfHasAccessToAssignment = authorize(
|
export const onlyAllowIfHasAccessToAssignment = authorize(
|
||||||
async (auth, req) => {
|
async (auth, req) => {
|
||||||
const { classid: classId, id: assignmentId } = req.params as { classid: string, id: number };
|
const { classid: classId, id: assignmentId } = req.params as { classid: string, id: number };
|
||||||
const assignment = await fetchAssignment(classId, assignmentId);
|
|
||||||
if (auth.accountType === "teacher") {
|
if (auth.accountType === "teacher") {
|
||||||
const clazz = await fetchClass(assignment.class);
|
const clazz = await fetchClass(classId);
|
||||||
return clazz.teachers.map(mapToUsername).includes(auth.username);
|
return clazz.teachers.map(mapToUsername).includes(auth.username);
|
||||||
} else {
|
} else {
|
||||||
const groups = await getAllGroups(classId, assignmentId, false);
|
const groups = await fetchAllGroups(classId, assignmentId);
|
||||||
return groups.some(group => group.members.map(mapToUsername).includes(auth.username) );
|
return groups.some(group => group.members.map((member) => member.username).includes(auth.username) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -9,32 +9,22 @@ import {
|
||||||
} from '../controllers/assignments.js';
|
} from '../controllers/assignments.js';
|
||||||
import groupRouter from './groups.js';
|
import groupRouter from './groups.js';
|
||||||
import {adminOnly, teachersOnly} from "../middleware/auth/checks/auth-checks";
|
import {adminOnly, teachersOnly} from "../middleware/auth/checks/auth-checks";
|
||||||
import {onlyAllowOwnClassInBody} from "../middleware/auth/checks/class-auth-checks";
|
import {onlyAllowIfInClass, onlyAllowOwnClassInBody} from "../middleware/auth/checks/class-auth-checks";
|
||||||
import {onlyAllowIfHasAccessToAssignment} from "../middleware/auth/checks/assignment-auth-checks";
|
import {onlyAllowIfHasAccessToAssignment} from "../middleware/auth/checks/assignment-auth-checks";
|
||||||
|
|
||||||
const router = express.Router({ mergeParams: true });
|
const router = express.Router({ mergeParams: true });
|
||||||
|
|
||||||
router.get('/', getAllAssignmentsHandler);
|
router.get('/', teachersOnly, onlyAllowIfInClass, getAllAssignmentsHandler);
|
||||||
// Root endpoint used to search objects
|
|
||||||
router.get('/', adminOnly, getAllAssignmentsHandler);
|
|
||||||
|
|
||||||
router.post('/', teachersOnly, onlyAllowOwnClassInBody, createAssignmentHandler);
|
router.post('/', teachersOnly, onlyAllowIfInClass, createAssignmentHandler);
|
||||||
|
|
||||||
router.get('/:id', getAssignmentHandler);
|
|
||||||
// Information about an assignment with id 'id'
|
|
||||||
router.get('/:id', onlyAllowIfHasAccessToAssignment, getAssignmentHandler);
|
router.get('/:id', onlyAllowIfHasAccessToAssignment, getAssignmentHandler);
|
||||||
|
|
||||||
router.put('/:id', putAssignmentHandler);
|
router.put('/:id', teachersOnly, onlyAllowIfHasAccessToAssignment, putAssignmentHandler);
|
||||||
|
|
||||||
router.delete('/:id', deleteAssignmentHandler);
|
router.delete('/:id', teachersOnly, onlyAllowIfHasAccessToAssignment, deleteAssignmentHandler);
|
||||||
|
|
||||||
router.get('/:id/submissions', onlyAllowIfHasAccessToAssignment, getAssignmentsSubmissionsHandler);
|
router.get('/:id/submissions', teachersOnly, onlyAllowIfHasAccessToAssignment, getAssignmentsSubmissionsHandler);
|
||||||
|
|
||||||
router.get('/:id/questions', onlyAllowIfHasAccessToAssignment, (_req, res) => {
|
|
||||||
res.json({
|
|
||||||
questions: ['0'],
|
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|
||||||
router.use('/:assignmentid/groups', groupRouter);
|
router.use('/:assignmentid/groups', groupRouter);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,15 @@ export async function fetchGroup(classId: string, assignmentNumber: number, grou
|
||||||
return group;
|
return group;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export async function fetchAllGroups(classId: string, assignmentNumber: number): Promise<Group[]> {
|
||||||
|
const assignment = await fetchAssignment(classId, assignmentNumber);
|
||||||
|
|
||||||
|
const groupRepository = getGroupRepository();
|
||||||
|
const groups = await groupRepository.findAllGroupsForAssignment(assignment);
|
||||||
|
|
||||||
|
return groups;
|
||||||
|
}
|
||||||
|
|
||||||
export async function getGroup(classId: string, assignmentNumber: number, groupNumber: number): Promise<GroupDTO> {
|
export async function getGroup(classId: string, assignmentNumber: number, groupNumber: number): Promise<GroupDTO> {
|
||||||
const group = await fetchGroup(classId, assignmentNumber, groupNumber);
|
const group = await fetchGroup(classId, assignmentNumber, groupNumber);
|
||||||
return mapToGroupDTO(group);
|
return mapToGroupDTO(group);
|
||||||
|
|
|
||||||
Reference in a new issue