Skip to content
Snippets Groups Projects
Commit b68861d9 authored by michael.minelli's avatar michael.minelli
Browse files

SecurityCheck => Add check if user is in enonce's staff

parent fb778b2f
No related branches found
No related tags found
No related merge requests found
...@@ -3,6 +3,7 @@ import { StatusCodes } from 'http-status-codes'; ...@@ -3,6 +3,7 @@ import { StatusCodes } from 'http-status-codes';
import SecurityCheckType from '../types/SecurityCheckType'; import SecurityCheckType from '../types/SecurityCheckType';
import logger from '../shared/logging/WinstonLogger'; import logger from '../shared/logging/WinstonLogger';
import ApiRequest from '../types/ApiRequest'; import ApiRequest from '../types/ApiRequest';
import EnonceManager from '../managers/EnonceManager';
class SecurityMiddleware { class SecurityMiddleware {
...@@ -24,6 +25,9 @@ class SecurityMiddleware { ...@@ -24,6 +25,9 @@ class SecurityMiddleware {
case SecurityCheckType.TEACHING_STAFF: case SecurityCheckType.TEACHING_STAFF:
isAllowed = isAllowed || req.session.profile.isTeachingStaff; isAllowed = isAllowed || req.session.profile.isTeachingStaff;
break; break;
case SecurityCheckType.ENONCE_STAFF:
isAllowed = isAllowed || await EnonceManager.isUserAllowedToAccessEnonce(req.boundParams.enonce, req.session.profile);
break;
default: default:
isAllowed = isAllowed || false; isAllowed = isAllowed || false;
break; break;
......
enum SecurityCheckType { enum SecurityCheckType {
TEACHING_STAFF = 'teachingStaff', TEACHING_STAFF = 'teachingStaff',
ENONCE_STAFF = 'enonceStaff'
} }
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment