diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
index 62030f9446a1cf25d7e0d0eed0e7fcc11248a733..4beeee714819ca329ac019fc03557a9f1b31cfcb 100644
--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -3,6 +3,7 @@ import { StatusCodes } from 'http-status-codes';
 import SecurityCheckType from '../types/SecurityCheckType';
 import logger from '../shared/logging/WinstonLogger';
 import ApiRequest from '../types/ApiRequest';
+import EnonceManager from '../managers/EnonceManager';
 class SecurityMiddleware {
@@ -24,6 +25,9 @@ class SecurityMiddleware {
 case SecurityCheckType.TEACHING_STAFF:
 isAllowed = isAllowed || req.session.profile.isTeachingStaff;
 break;
+ case SecurityCheckType.ENONCE_STAFF:
+ isAllowed = isAllowed || await EnonceManager.isUserAllowedToAccessEnonce(req.boundParams.enonce, req.session.profile);
+ break;
 default:
 isAllowed = isAllowed || false;
 break;
diff --git a/ExpressAPI/src/types/SecurityCheckType.ts b/ExpressAPI/src/types/SecurityCheckType.ts
index 38e59c2ba8c54de40e57c5ff7a706c10ddd4193a..32a1592d046e2dd2e002dcb5b203fad5882ce1d9 100644
--- a/ExpressAPI/src/types/SecurityCheckType.ts
+++ b/ExpressAPI/src/types/SecurityCheckType.ts
@@ -1,5 +1,6 @@
 enum SecurityCheckType {
 TEACHING_STAFF = 'teachingStaff',
+ ENONCE_STAFF = 'enonceStaff'
 }
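Review bot: The new `ENONCE_STAFF` case in SecurityMiddleware.ts passes `req.boundParams.enonce` to the manager without checking that it was bound, so on a route where parameter binding did not run or matched nothing, the authorization decision rests on how `isUserAllowedToAccessEnonce` treats `undefined`, which is not visible here. Deny explicitly in that case, e.g. `isAllowed = isAllowed || (req.boundParams.enonce != null && await EnonceManager.isUserAllowedToAccessEnonce(req.boundParams.enonce, req.session.profile));`. Because each case is OR-ed into `isAllowed`, a route that lists both `TEACHING_STAFF` and `ENONCE_STAFF` would admit every teaching-staff member regardless of the enonce; a comment on the case saying that the checks are any-of would prevent that misuse. The enclosing function starts and ends outside the hunk, so also confirm that a rejected promise from the awaited manager call is caught there and turned into a denial rather than an unhandled rejection.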