UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects

WIP: Fix Auth Preferences for Endpoints

Closed graham.smith requested to merge dev-permission-fixes into master
5 files
+ 126
162
Compare changes
  • Side-by-side
  • Inline
Files
5
+ 40
38
import {
Router
} from 'express';
import { Router } from 'express';
import Enrollment from '../models/enrollment';
import { requestResponseCodes } from '../lib/constants/response-codes';
import { error } from '../lib/request-response-helpers';
import {permit} from "../auth/authservice-middleware";
import Role from "../auth/role";
import { permit } from '../auth/authservice-middleware';
import Role from '../auth/role';
const router = new Router();
@@ -27,49 +25,53 @@ router.post('/', permit([Role.ADMIN]), async (req, res) => {
);
} else {
res.json({
enrollmentId: response.id
enrollmentId: response.id,
});
}
}
});
router.delete('/byClass/:keycloakId/:classScheduleId', permit([Role.ADMIN]), async (req, res) => {
// needs to be based off a keycloakId AND a classScheduleId
const classScheduleId = Number.parseInt(req.params.classScheduleId);
router.delete(
'/byClass/:keycloakId/:classScheduleId',
permit([Role.ADMIN]),
async (req, res) => {
// needs to be based off a keycloakId AND a classScheduleId
const classScheduleId = Number.parseInt(req.params.classScheduleId);
if (isNaN(classScheduleId)) {
//user of api gave bad input
return error(
res,
requestResponseCodes.BAD_REQUEST,
'Bad input. Class id was not set or was not an int.'
);
}
const response = await Enrollment.findAll({
where: {
keycloakId: req.params.keycloakId,
classScheduleId: classScheduleId,
},
});
if (isNaN(classScheduleId)) {
//user of api gave bad input
return error(
res,
requestResponseCodes.BAD_REQUEST,
'Bad input. Class id was not set or was not an int.'
);
}
if (!response) {
error(res, requestResponseCodes.BAD_REQUEST, 'Enrollment was not found.');
} else {
// NOTE: confirm that this is doing what we think it should be doing
response.destroy({
const response = await Enrollment.findAll({
where: {
keycloakId: req.params.keycloakId,
classScheduleId: classScheduleId,
},
});
res.json({
deleted: {
id: response.id
}
});
if (!response) {
error(res, requestResponseCodes.BAD_REQUEST, 'Enrollment was not found.');
} else {
// NOTE: confirm that this is doing what we think it should be doing
response.destroy({
where: {
keycloakId: req.params.keycloakId,
classScheduleId: classScheduleId,
},
});
res.json({
deleted: {
id: response.id,
},
});
}
}
});
);
router.delete('/byUser/:keycloakId', permit([Role.ADMIN]), async (req, res) => {
const response = await Enrollment.findAll({
@@ -88,10 +90,10 @@ router.delete('/byUser/:keycloakId', permit([Role.ADMIN]), async (req, res) => {
});
res.json({
deleted: {
id: response.id
}
id: response.id,
},
});
}
});
export default router;
\ No newline at end of file
export default router;
Loading