fix: includes check + gebruik fetches service laag

backend/src/interfaces/user.ts

@@ -10,6 +10,10 @@ export function mapToUserDTO(user: User): UserDTO {
     };
 }
 
+export function mapToUsername(user: {username: string}): string {
+    return user.username;
+}
+
 export function mapToUser<T extends User>(userData: UserDTO, userInstance: T): T {
     userInstance.username = userData.username;
     userInstance.firstName = userData.firstName;

backend/src/middleware/auth/checks/assignment-auth-checks.ts

@@ -1,7 +1,8 @@
 import {authorize} from "./auth-checks";
-import {getAssignment} from "../../../services/assignments";
+import {fetchAssignment, getAssignment} from "../../../services/assignments";
-import {getClass} from "../../../services/classes";
+import {fetchClass, getClass} from "../../../services/classes";
 import {getAllGroups} from "../../../services/groups";
+import {mapToUsername} from "../../../interfaces/user";
 
 /**
  * Expects the path to contain the path parameters 'classId' and 'id' (meaning the ID of the assignment).
@@ -12,15 +13,13 @@ import {getAllGroups} from "../../../services/groups";
 export const onlyAllowIfHasAccessToAssignment = authorize(
     async (auth, req) => {
         const { classid: classId, id: assignmentId } = req.params as { classid: string, id: number };
-        const assignment = await getAssignment(classId, assignmentId);
+        const assignment = await fetchAssignment(classId, assignmentId);
-        if (assignment === null) {
+        if (auth.accountType === "teacher") {
-            return false;
+            const clazz = await fetchClass(assignment.class);
-        } else if (auth.accountType === "teacher") {
+            return clazz.teachers.map(mapToUsername).includes(auth.username);
-            const clazz = await getClass(assignment.class);
-            return auth.username in clazz!.teachers;
         } else {
             const groups = await getAllGroups(classId, assignmentId, false);
-            return groups.some(group => auth.username in (group.members as string[]));
+            return groups.some(group => group.members.map(mapToUsername).includes(auth.username) );
         }
     }
 );

backend/src/middleware/auth/checks/class-auth-checks.ts

@@ -1,11 +1,12 @@
 import {authorize} from "./auth-checks";
 import {AuthenticationInfo} from "../authentication-info";
 import {AuthenticatedRequest} from "../authenticated-request";
-import {getClass} from "../../../services/classes";
+import {fetchClass, getClass} from "../../../services/classes";
+import {mapToUsername} from "../../../interfaces/user";
 
 async function teaches(teacherUsername: string, classId: string): Promise<boolean> {
-    const clazz = await getClass(classId);
+    const clazz = await fetchClass(classId);
-    return clazz !== null && teacherUsername in clazz.teachers;
+    return clazz.teachers.map(mapToUsername).includes(teacherUsername);
 }
 
 /**
@@ -41,13 +42,11 @@ export const onlyAllowTeacherOfClass = authorize(
 export const onlyAllowIfInClass = authorize(
     async (auth: AuthenticationInfo, req: AuthenticatedRequest) => {
         const classId = req.params.classId ?? req.params.classid ?? req.params.id;
-        const clazz = await getClass(classId);
+        const clazz = await fetchClass(classId);
-        if (clazz === null) {
+        if (auth.accountType === "teacher") {
-            return false;
+            return clazz.teachers.map(mapToUsername).includes(auth.username);
-        } else if (auth.accountType === "teacher") {
-            return auth.username in clazz.teachers;
         }
-        return auth.username in clazz.students;
+        return clazz.students.map(mapToUsername).includes(auth.username);
     }
 );
 
@@ -57,13 +56,11 @@ export const onlyAllowIfInClass = authorize(
 export const onlyAllowOwnClassInBody = authorize(
     async (auth, req) => {
         const classId = (req.body as {class: string})?.class;
-        const clazz = await getClass(classId);
+        const clazz = await fetchClass(classId);
 
-        if (clazz === null) {
+        if (auth.accountType === "teacher") {
-            return false;
+            return clazz.teachers.map(mapToUsername).includes(auth.username);
-        } else if (auth.accountType === "teacher") {
-            return auth.username in clazz.teachers;
         }
-        return auth.username in clazz.students;
+        return clazz.students.map(mapToUsername).includes(auth.username);
     }
 );

backend/src/middleware/auth/checks/group-auth-checker.ts

@@ -1,6 +1,7 @@
 import {authorize} from "./auth-checks";
-import {getClass} from "../../../services/classes";
+import {fetchClass, getClass} from "../../../services/classes";
-import {getGroup} from "../../../services/groups";
+import {fetchGroup, getGroup} from "../../../services/groups";
+import {mapToUsername} from "../../../interfaces/user";
 
 /**
  * Expects the path to contain the path parameters 'classid', 'assignmentid' and 'groupid'.
@@ -14,11 +15,11 @@ export const onlyAllowIfHasAccessToGroup = authorize(
             req.params as { classid: string, assignmentid: number, groupid: number };
 
         if (auth.accountType === "teacher") {
-            const clazz = await getClass(classId);
+            const clazz = await fetchClass(classId);
-            return auth.username in clazz!.teachers;
+            return clazz.teachers.map(mapToUsername).includes(auth.username);
         } else { // user is student
-            const group = await getGroup(classId, assignmentId, groupId, false);
+            const group = await fetchGroup(classId, assignmentId, groupId, false);
-            return group === null ? false : auth.username in (group.members as string[]);
+            return clazz.students.map(mapToUsername).includes(auth.username);
         }
     }
 );

backend/src/services/students.ts

@@ -25,6 +25,7 @@ import { QuestionDTO, QuestionId } from '@dwengo-1/common/interfaces/question';
 import { ClassJoinRequestDTO } from '@dwengo-1/common/interfaces/class-join-request';
 import { ConflictException } from '../exceptions/conflict-exception.js';
 import { Submission } from '../entities/assignments/submission.entity';
+import {mapToUsername} from "../interfaces/user";
 
 export async function getAllStudents(full: boolean): Promise<StudentDTO[] | string[]> {
     const studentRepository = getStudentRepository();
@@ -34,7 +35,7 @@ export async function getAllStudents(full: boolean): Promise<StudentDTO[] | stri
         return users.map(mapToStudentDTO);
     }
 
-    return users.map((user) => user.username);
+    return users.map(mapToUsername);
 }
 
 export async function fetchStudent(username: string): Promise<Student> {

backend/src/services/teachers.ts

@@ -30,6 +30,7 @@ import { QuestionDTO, QuestionId } from '@dwengo-1/common/interfaces/question';
 import { ClassJoinRequestDTO } from '@dwengo-1/common/interfaces/class-join-request';
 import { ClassStatus } from '@dwengo-1/common/util/class-join-request';
 import { ConflictException } from '../exceptions/conflict-exception.js';
+import {mapToUsername} from "../interfaces/user";
 
 export async function getAllTeachers(full: boolean): Promise<TeacherDTO[] | string[]> {
     const teacherRepository: TeacherRepository = getTeacherRepository();
@@ -38,7 +39,7 @@ export async function getAllTeachers(full: boolean): Promise<TeacherDTO[] | stri
     if (full) {
         return users.map(mapToTeacherDTO);
     }
-    return users.map((user) => user.username);
+    return users.map(mapToUsername);
 }
 
 export async function fetchTeacher(username: string): Promise<Teacher> {

backend/tests/controllers/teachers.test.ts

@@ -96,7 +96,7 @@ describe('Teacher controllers', () => {
     });
 
     it('Teacher list', async () => {
-        req = { query: { full: 'true' } };
+        req = { query: { full: 'false' } };
 
         await getAllTeachersHandler(req as Request, res as Response);
 
@@ -104,8 +104,7 @@ describe('Teacher controllers', () => {
 
         const result = jsonMock.mock.lastCall?.[0];
 
-        const teacherUsernames = result.teachers.map((s: TeacherDTO) => s.username);
+        expect(result.teachers).toContain('testleerkracht1');
-        expect(teacherUsernames).toContain('testleerkracht1');
 
         expect(result.teachers).toHaveLength(5);
     });