diff --git a/ExpressAPI/.idea/vcs.xml b/ExpressAPI/.idea/vcs.xml
index 058164e2d728ef8d9811ed7f89d74bad73bcfd0d..17500a1cae0dbea6e289deb4c99e62bfb363e3e4 100644
--- a/ExpressAPI/.idea/vcs.xml
+++ b/ExpressAPI/.idea/vcs.xml
@@ -2,6 +2,7 @@
 <project version="4">
 <component name="VcsDirectoryMappings">
 <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+ <mapping directory="$PROJECT_DIR$/.idea/jetbrainsConfiguration" vcs="Git" />
 <mapping directory="$PROJECT_DIR$/src/shared" vcs="Git" />
 </component>
 </project>
\ No newline at end of file
diff --git a/ExpressAPI/src/managers/AssignmentManager.ts b/ExpressAPI/src/managers/AssignmentManager.ts
index de89970c683607c96f1117b66b862071c6464e5d..c28bf228c4da078bb92c180b3ecd2a37b04285b7 100644
--- a/ExpressAPI/src/managers/AssignmentManager.ts
+++ b/ExpressAPI/src/managers/AssignmentManager.ts
@@ -5,6 +5,9 @@ import db from '../helpers/DatabaseHelper.js';
 class AssignmentManager {
 async isUserAllowedToAccessAssignment(assignment: Assignment, user: User): Promise<boolean> {
+ if (user === null || user === undefined) {
+ return false;
+ }
 if ( !assignment.staff ) {
 assignment.staff = await db.assignment.findUnique({
 where: {
diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
index 1b7edc42e2627092f570a3ddd8a00cd0225f38d3..93fdf4a63cb363c5a399d7939a826a0f2c2bac5d 100644
--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -14,6 +14,8 @@ class SecurityMiddleware {
 private async checkType(checkType: SecurityCheckType, req: express.Request): Promise<boolean> {
 try {
 switch ( String(checkType) ) {
+ case SecurityCheckType.USER.valueOf():
+ return this.checkIfConnected(true, req);
 case SecurityCheckType.ADMIN.valueOf():
 return req.session.profile.isAdmin;
 case SecurityCheckType.TEACHING_STAFF.valueOf():
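Review bot: In `AssignmentManager.ts`, the new guard in `isUserAllowedToAccessAssignment` tests for `null`/`undefined`, but the parameter is still declared `user: User`, so the signature does not tell callers (or the compiler under strictNullChecks) that a missing user is an accepted input. Declaring it `user: User | null | undefined` and writing the guard as `if (user == null) return false;` keeps the fail-closed result and makes the contract explicit. A one-line comment such as `// No session user (presumably secret-only access): never treated as staff` would record why the case arises. The rest of the function body lies outside the hunk.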
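Review bot: In `SecurityMiddleware.ts`, the added `USER` case has `return this.checkIfConnected(true, req);` inside the `try` without `await`; if `checkIfConnected` returns a promise (its definition is not in the hunk), a rejection would bypass this function's `catch` and propagate to the caller instead of producing the catch's result. `return await this.checkIfConnected(true, req);` keeps failure handling for this authorization check in one place. The meaning of the literal `true` is also not evident at the call site, so a short comment naming that parameter would help. The `try` and the `switch` both continue outside the hunk.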
diff --git a/ExpressAPI/src/routes/AssignmentRoutes.ts b/ExpressAPI/src/routes/AssignmentRoutes.ts
index ee123f294cbd9e3d1b49ccfda78fe7f203f36b82..deade95dc58b09b02e7742ddfebaf2aef9240d8c 100644
--- a/ExpressAPI/src/routes/AssignmentRoutes.ts
+++ b/ExpressAPI/src/routes/AssignmentRoutes.ts
@@ -85,7 +85,7 @@ class AssignmentRoutes implements RoutesManager {
 };
 registerOnBackend(backend: Express) {
- backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(true), this.getAssignment.bind(this) as RequestHandler);
+ backend.get('/assignments/:assignmentNameOrUrl', SecurityMiddleware.check(false, SecurityCheckType.ASSIGNMENT_SECRET, SecurityCheckType.USER), this.getAssignment.bind(this) as RequestHandler);
 backend.post('/assignments', SecurityMiddleware.check(true, SecurityCheckType.TEACHING_STAFF), ParamsValidatorMiddleware.validate(this.assignmentValidator), this.createAssignment.bind(this) as RequestHandler);
 backend.get('/assignments/languages', this.getLanguages.bind(this) as RequestHandler);
@@ -109,7 +109,6 @@ class AssignmentRoutes implements RoutesManager {
 delete assignment.gitlabCreationInfo;
 delete assignment.gitlabLastInfo;
 delete assignment.gitlabLastInfoDate;
- delete assignment.useSonar;
 delete assignment.staff;
 delete assignment.exercises;
 }
diff --git a/ExpressAPI/src/types/SecurityCheckType.ts b/ExpressAPI/src/types/SecurityCheckType.ts
index 9cbb61bc2a23583e021c84a7cc9e17b7579ccfd7..68ac8e3db2bc8834d481b411ef65a55f0f9c5eac 100644
--- a/ExpressAPI/src/types/SecurityCheckType.ts
+++ b/ExpressAPI/src/types/SecurityCheckType.ts
@@ -6,6 +6,7 @@ enum SecurityCheckType {
 ASSIGNMENT_IS_PUBLISHED = 'assignmentIsPublished',
 EXERCISE_SECRET = 'exerciseSecret',
 ASSIGNMENT_SECRET = 'assignmentSecret',
+ USER = 'user',
 }
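Review bot: In `registerOnBackend`, the changed `GET /assignments/:assignmentNameOrUrl` line no longer requires a session (`check(true)` became `check(false, ASSIGNMENT_SECRET, USER)`), so `getAssignment` can presumably run with `req.session.profile` unset when only the assignment secret is presented; how `check` combines the listed types (any-of or all-of) is not visible in this diff. The null guard this commit adds to `isUserAllowedToAccessAssignment` covers one such path, but every other use of the profile in the handler, which lies outside the hunk, needs the same treatment. A comment on the route would make the intent reviewable: `// Access: valid assignment secret OR authenticated session; req.session.profile may be undefined in getAssignment`. The second hunk stops deleting `useSonar` from what appears to be the stripped response, so that field is now also returned to secret-only callers; confirm that is intended. Because this route is registered before `/assignments/languages`, its checks may also run for that path unless the middleware passes control on.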