From b68861d95dfd51123a142510c2abac3a2065ca3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Minelli?= <michael@minelli.me>
Date: Thu, 6 Jul 2023 14:15:19 +0200
Subject: [PATCH] SecurityCheck => Add check if user is in enonce's staff
---
 ExpressAPI/src/middlewares/SecurityMiddleware.ts | 4 ++++
 ExpressAPI/src/types/SecurityCheckType.ts | 1 +
 2 files changed, 5 insertions(+)
diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
index 62030f9..4beeee7 100644
--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -3,6 +3,7 @@ import { StatusCodes } from 'http-status-codes';
 import SecurityCheckType from '../types/SecurityCheckType';
 import logger from '../shared/logging/WinstonLogger';
 import ApiRequest from '../types/ApiRequest';
+import EnonceManager from '../managers/EnonceManager';
 class SecurityMiddleware {
@@ -24,6 +25,9 @@ class SecurityMiddleware {
 case SecurityCheckType.TEACHING_STAFF:
 isAllowed = isAllowed || req.session.profile.isTeachingStaff;
 break;
+ case SecurityCheckType.ENONCE_STAFF:
+ isAllowed = isAllowed || await EnonceManager.isUserAllowedToAccessEnonce(req.boundParams.enonce, req.session.profile);
+ break;
 default:
 isAllowed = isAllowed || false;
 break;
diff --git a/ExpressAPI/src/types/SecurityCheckType.ts b/ExpressAPI/src/types/SecurityCheckType.ts
index 38e59c2..32a1592 100644
--- a/ExpressAPI/src/types/SecurityCheckType.ts
+++ b/ExpressAPI/src/types/SecurityCheckType.ts
@@ -1,5 +1,6 @@
 enum SecurityCheckType {
 TEACHING_STAFF = 'teachingStaff',
+ ENONCE_STAFF = 'enonceStaff'
 }
--
GitLab
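Review bot: In the new `ENONCE_STAFF` case, `req.boundParams.enonce` is handed to `EnonceManager.isUserAllowedToAccessEnonce` without first checking that an enonce was bound for the route, so what happens on a route with no bound enonce depends entirely on how the manager treats `undefined`, which is not visible here. Failing closed in the case itself makes the decision explicit: `isAllowed = isAllowed || (req.boundParams.enonce != null && await EnonceManager.isUserAllowedToAccessEnonce(req.boundParams.enonce, req.session.profile));`. The commit subject describes a staff check while the method name reads as general access, so it is worth confirming the method returns true only for the enonce's staff. The enclosing function and loop start outside the hunk; the `await` only protects the route if that function is async and the iteration actually waits (a `for...of` rather than a `forEach` callback), and a rejected promise should end in a denial.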