From b118eeae9c030122b4a110b4315457759945fa2c Mon Sep 17 00:00:00 2001
From: Joel von der Weid <joel.von-der-weid@hesge.ch>
Date: Wed, 12 Jun 2024 09:53:15 +0200
Subject: [PATCH] Change getAssignment to accept both a secret or a logged user

---
 ExpressAPI/.idea/vcs.xml                         | 1 +
 ExpressAPI/src/managers/AssignmentManager.ts     | 3 +++
 ExpressAPI/src/middlewares/SecurityMiddleware.ts | 3 +++
 ExpressAPI/src/routes/AssignmentRoutes.ts        | 3 +--
 ExpressAPI/src/shared                            | 2 +-
 ExpressAPI/src/types/SecurityCheckType.ts        | 1 +
 6 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/ExpressAPI/.idea/vcs.xml b/ExpressAPI/.idea/vcs.xml
index 058164e..17500a1 100644
--- a/ExpressAPI/.idea/vcs.xml
+++ b/ExpressAPI/.idea/vcs.xml
@@ -2,6 +2,7 @@
 <project version="4">
   <component name="VcsDirectoryMappings">
     <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+    <mapping directory="$PROJECT_DIR$/.idea/jetbrainsConfiguration" vcs="Git" />
     <mapping directory="$PROJECT_DIR$/src/shared" vcs="Git" />
   </component>
 </project>
\ No newline at end of file
diff --git a/ExpressAPI/src/managers/AssignmentManager.ts b/ExpressAPI/src/managers/AssignmentManager.ts
index ce680b4..f7b1125 100644
--- a/ExpressAPI/src/managers/AssignmentManager.ts
+++ b/ExpressAPI/src/managers/AssignmentManager.ts
@@ -5,6 +5,9 @@ import db                   from '../helpers/DatabaseHelper';
 
 class AssignmentManager {
     async isUserAllowedToAccessAssignment(assignment: Assignment, user: User): Promise<boolean> {
+        if (user === null || user === undefined) {
+            return false;
+        }
         if ( !assignment.staff ) {
             assignment.staff = await db.assignment.findUnique({
                                                                   where: {
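Review bot: The guard added at the top of `isUserAllowedToAccessAssignment` accepts a missing user, but the signature still declares `user: User`, so the declared type no longer matches what the method handles. Widening it to `user: User | null | undefined` would make that explicit, and the test can then be written as `if (user == null) return false;`. A short comment such as `// No logged-in user (presumably a secret-based request): deny by default` would record that the method is meant to fail closed. The rest of the method body is outside this hunk.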
diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
index 347fad4..b750506 100644
--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -21,6 +21,9 @@ class SecurityMiddleware {
                 for ( const checkType of checkTypes ) {
                     try {
                         switch ( String(checkType) ) {
+                            case SecurityCheckType.USER:
+                                isAllowed = isAllowed || (req.session.profile !== null && req.session.profile !== undefined);
+                                break;
                             case SecurityCheckType.TEACHING_STAFF:
                                 isAllowed = isAllowed || req.session.profile.isTeachingStaff;
                                 break;
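Review bot: The new `SecurityCheckType.USER` case only establishes that a session profile exists, and because every case ORs into `isAllowed`, listing `USER` on a route makes the other checks in that list irrelevant for any logged-in caller. That deserves a comment on the case, for example `// USER: passes for any session with a profile; does not check rights on the target resource`. The neighbouring `TEACHING_STAFF` case still reads `req.session.profile.isTeachingStaff` without the null guard added here and appears to rely on the surrounding `try`, whose `catch` is outside this hunk. The enclosing loop and `switch` also start and end outside the hunk.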
diff --git a/ExpressAPI/src/routes/AssignmentRoutes.ts b/ExpressAPI/src/routes/AssignmentRoutes.ts
index ed95652..ed9be07 100644
--- a/ExpressAPI/src/routes/AssignmentRoutes.ts
+++ b/ExpressAPI/src/routes/AssignmentRoutes.ts
@@ -71,7 +71,7 @@ class AssignmentRoutes implements RoutesManager {
     registerOnBackend(backend: Express) {
         backend.get('/assignments/languages', this.getLanguages.bind(this));
 
-        backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(true), this.getAssignment.bind(this));
+        backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(false, SecurityCheckType.ASSIGNMENT_SECRET, SecurityCheckType.USER), this.getAssignment.bind(this));
         backend.post('/assignments', SecurityMiddleware.check(true, SecurityCheckType.TEACHING_STAFF), ParamsValidatorMiddleware.validate(this.assignmentValidator), this.createAssignment.bind(this));
 
         backend.patch('/assignments/:assignmentNameOrUrl/publish', SecurityMiddleware.check(true, SecurityCheckType.ASSIGNMENT_STAFF), this.changeAssignmentPublishedStatus(true).bind(this));
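Review bot: On the `GET /assignments/:assignmentNameOrUrl` line, `check(false, SecurityCheckType.ASSIGNMENT_SECRET, SecurityCheckType.USER)` passes the request for any logged-in user (per the `USER` case added in SecurityMiddleware) and presumably for any holder of the assignment secret, so authorization for a specific assignment now rests entirely on `getAssignment`. That handler is outside this hunk; it should decide what to return via `isUserAllowedToAccessAssignment` and must cope with `req.session.profile` being absent on secret-based requests. The next hunk also stops deleting `useSonar` from the stripped response, so confirm that field is meant to be readable by these callers. A comment above the route would record the intent, e.g. `// Auth: assignment secret OR any logged-in user; per-assignment filtering happens in getAssignment`.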
@@ -91,7 +91,6 @@ class AssignmentRoutes implements RoutesManager {
             delete assignment.gitlabCreationInfo;
             delete assignment.gitlabLastInfo;
             delete assignment.gitlabLastInfoDate;
-            delete assignment.useSonar;
             delete assignment.staff;
             delete assignment.exercises;
         }
diff --git a/ExpressAPI/src/shared b/ExpressAPI/src/shared
index 4d1e63e..bf8d618 160000
--- a/ExpressAPI/src/shared
+++ b/ExpressAPI/src/shared
@@ -1 +1 @@
-Subproject commit 4d1e63ebbbe7e6fec1de74d79a2919047eea5775
+Subproject commit bf8d6180e6d86bf97bd8e8b16ee00826172ed287
diff --git a/ExpressAPI/src/types/SecurityCheckType.ts b/ExpressAPI/src/types/SecurityCheckType.ts
index 8b1df51..018ea88 100644
--- a/ExpressAPI/src/types/SecurityCheckType.ts
+++ b/ExpressAPI/src/types/SecurityCheckType.ts
@@ -4,6 +4,7 @@ enum SecurityCheckType {
     ASSIGNMENT_IS_PUBLISHED = 'assignmentIsPublished',
     EXERCISE_SECRET         = 'exerciseSecret',
     ASSIGNMENT_SECRET       = 'assignmentSecret',
+    USER                    = 'user',
 }
 
 
-- 
GitLab