tdpeuter/2025SELab2-project-Dwengo
tdpeuter/2025SELab2-project-Dwengo
1
Fork 0
Code Issues Releases 4 Packages 2 Wiki Activity

feat: authenticatie voor submissions en groups toegevoegd

Browse source
This commit is contained in:
Adriaan Jacquet 2025-04-22 16:47:31 +02:00
parent 7c41c8e615
commit a4ccae6c0d
5 changed files with 45 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

4
backend/src/middleware/auth/checks/group-auth-checker.ts
View file

@ -18,8 +18,8 @@ export const onlyAllowIfHasAccessToGroup = authorize(
const clazz = await fetchClass(classId); const clazz = await fetchClass(classId);
return clazz.teachers.map(mapToUsername).includes(auth.username); return clazz.teachers.map(mapToUsername).includes(auth.username);
} else { // user is student } else { // user is student
const group = await fetchGroup(classId, assignmentId, groupId, false); const group = await fetchGroup(classId, assignmentId, groupId);
return clazz.students.map(mapToUsername).includes(auth.username); return group.members.map(mapToUsername).includes(auth.username);
} }
} }
); );

8
backend/src/middleware/auth/checks/question-checks.ts
View file

@ -9,11 +9,11 @@ import {fetchAnswer} from "../../../services/answers";
import {mapToUsername} from "../../../interfaces/user"; import {mapToUsername} from "../../../interfaces/user";
export const onlyAllowAuthor = authorize( export const onlyAllowAuthor = authorize(
(auth: AuthenticationInfo, req: AuthenticatedRequest) => req.body.author === auth.username (auth: AuthenticationInfo, req: AuthenticatedRequest) => (req.body as { author: string }).author === auth.username
); );
export const onlyAllowAuthorRequest = authorize( export const onlyAllowAuthorRequest = authorize(
(auth: AuthenticationInfo, req: AuthenticatedRequest) => { async (auth: AuthenticationInfo, req: AuthenticatedRequest) => {
const hruid = req.params.hruid; const hruid = req.params.hruid;
const version = req.params.version; const version = req.params.version;
const language = req.query.lang as string; const language = req.query.lang as string;
@ -30,7 +30,7 @@ export const onlyAllowAuthorRequest = authorize(
); );
export const onlyAllowAuthorRequestAnswer = authorize( export const onlyAllowAuthorRequestAnswer = authorize(
(auth: AuthenticationInfo, req: AuthenticatedRequest) => { async (auth: AuthenticationInfo, req: AuthenticatedRequest) => {
const hruid = req.params.hruid; const hruid = req.params.hruid;
const version = req.params.version; const version = req.params.version;
const language = req.query.lang as string; const language = req.query.lang as string;
@ -49,7 +49,7 @@ export const onlyAllowAuthorRequestAnswer = authorize(
); );
export const onlyAllowIfHasAccessToQuestion = authorize( export const onlyAllowIfHasAccessToQuestion = authorize(
async (auth, req) => { async (auth: AuthenticationInfo, req: AuthenticatedRequest) => {
const hruid = req.params.hruid; const hruid = req.params.hruid;
const version = req.params.version; const version = req.params.version;
const language = req.query.lang as string; const language = req.query.lang as string;

29
backend/src/middleware/auth/checks/submission-checks.ts Normal file
View file

@ -0,0 +1,29 @@
import { languageMap } from "dwengo-1-common/util/language";
import { LearningObjectIdentifier } from "../../../entities/content/learning-object-identifier";
import { fetchSubmission } from "../../../services/submissions";
import { AuthenticatedRequest } from "../authenticated-request";
import { AuthenticationInfo } from "../authentication-info";
import { authorize } from "./auth-checks";
import { FALLBACK_LANG } from "../../../config";
import { mapToUsername } from "../../../interfaces/user";
export const onlyAllowSubmitter = authorize(
(auth: AuthenticationInfo, req: AuthenticatedRequest) => (req.body as { submitter: string }).submitter === auth.username
);
export const onlyAllowIfHasAccessToSubmission = authorize(
async (auth: AuthenticationInfo, req: AuthenticatedRequest) => {
const { hruid: lohruid, id: submissionNumber } = req.params;
const { language: lang, version: version } = req.query;
const loId = new LearningObjectIdentifier(lohruid, languageMap[lang as string] ?? FALLBACK_LANG, Number(version))
const submission = await fetchSubmission(loId, Number(submissionNumber));
if (auth.accountType === "teacher") {
// Dit kan niet werken om dat al deze objecten niet gepopulate zijn.
return submission.onBehalfOf.assignment.within.teachers.map(mapToUsername).includes(auth.username);
}
return submission.onBehalfOf.members.map(mapToUsername).includes(auth.username);
}
)

8
backend/src/routes/groups.ts
View file

@ -13,17 +13,15 @@ import {onlyAllowIfHasAccessToAssignment} from "../middleware/auth/checks/assign
const router = express.Router({ mergeParams: true }); const router = express.Router({ mergeParams: true });
// Root endpoint used to search objects
router.get('/', onlyAllowIfHasAccessToAssignment, getAllGroupsHandler); router.get('/', onlyAllowIfHasAccessToAssignment, getAllGroupsHandler);
router.post('/', teachersOnly, onlyAllowIfHasAccessToAssignment, createGroupHandler); router.post('/', teachersOnly, onlyAllowIfHasAccessToAssignment, createGroupHandler);
// Information about a group (members, ... [TODO DOC]) router.get('/:groupid', onlyAllowIfHasAccessToAssignment, getGroupHandler);
router.get('/:groupid', onlyAllowIfHasAccessToGroup, getGroupHandler);
router.put('/:groupid', putGroupHandler); router.put('/:groupid', teachersOnly, onlyAllowIfHasAccessToAssignment, putGroupHandler);
router.delete('/:groupid', deleteGroupHandler); router.delete('/:groupid', teachersOnly, onlyAllowIfHasAccessToAssignment, deleteGroupHandler);
router.get('/:groupid/submissions', onlyAllowIfHasAccessToGroup, getGroupSubmissionsHandler); router.get('/:groupid/submissions', onlyAllowIfHasAccessToGroup, getGroupSubmissionsHandler);

13
backend/src/routes/submissions.ts
View file

@ -1,15 +1,16 @@
import express from 'express'; import express from 'express';
import { createSubmissionHandler, deleteSubmissionHandler, getSubmissionHandler, getSubmissionsHandler } from '../controllers/submissions.js'; import { createSubmissionHandler, deleteSubmissionHandler, getSubmissionHandler, getSubmissionsHandler } from '../controllers/submissions.js';
import { onlyAllowAuthor } from '../middleware/auth/checks/question-checks.js';
import { onlyAllowIfHasAccessToSubmission, onlyAllowSubmitter } from '../middleware/auth/checks/submission-checks.js';
import { adminOnly, studentsOnly } from '../middleware/auth/checks/auth-checks.js';
const router = express.Router({ mergeParams: true }); const router = express.Router({ mergeParams: true });
// Root endpoint used to search objects router.get('/', adminOnly, getSubmissionsHandler);
router.get('/', getSubmissionsHandler);
router.post('/:id', createSubmissionHandler); router.post('/:id', studentsOnly, onlyAllowSubmitter, createSubmissionHandler);
// Information about an submission with id 'id' router.get('/:id', onlyAllowIfHasAccessToSubmission, getSubmissionHandler);
router.get('/:id', getSubmissionHandler);
router.delete('/:id', deleteSubmissionHandler); router.delete('/:id', onlyAllowIfHasAccessToSubmission, deleteSubmissionHandler);
export default router; export default router;