import { authorize } from './auth-checks.js';
import { fetchClass } from '../../../services/classes.js';
import { fetchGroup } from '../../../services/groups.js';
import { mapToUsername } from '../../../interfaces/user.js';
import { AccountType } from '@dwengo-1/common/util/account-types';
/**
 * Authorization check for routes scoped to a single group.
 *
 * Expects the path to contain the path parameters 'classid', 'assignmentid' and 'groupid'.
 * The callback handed to `authorize` resolves to `true` only when the authenticated user is
 * - a teacher listed on the class identified by 'classid', or
 * - (for every other account type) a member of the addressed group.
 *
 * How `authorize` turns a `false` result into a response is not visible in this file.
 */
export const onlyAllowIfHasAccessToGroup = authorize(async (auth, req) => {
    // NOTE(review): this assertion is unchecked. If `req` is an Express request, path
    // parameters are strings at runtime, so 'assignmentid' and 'groupid' are only typed
    // as numbers here, not validated or converted. Confirm fetchGroup handles that.
    const routeParams = req.params as { classid: string; assignmentid: number; groupid: number };
    const { classid: classId, assignmentid: assignmentId, groupid: groupId } = routeParams;

    const isTeacher = auth.accountType === AccountType.Teacher;

    if (!isTeacher) {
        // Every non-teacher account is treated as a student: access depends solely on
        // membership of the group addressed by the path.
        const group = await fetchGroup(classId, assignmentId, groupId);
        const memberNames = group.members.map(mapToUsername);
        return memberNames.includes(auth.username);
    }

    // Teacher: access is decided by the class's teacher list alone. The assignment and
    // group ids are not looked up on this branch.
    // NOTE(review): presumably the downstream handler resolves the group under this same
    // class id, so a teacher cannot reach a group of another class. Verify.
    const clazz = await fetchClass(classId);
    const teacherNames = clazz.teachers.map(mapToUsername);
    return teacherNames.includes(auth.username);
});