Prevent enrolment and responsibility upsert if a user is not in the DB

Author: AleksTeresh

src/server/chatInstances/access.ts

@@ -1,15 +1,23 @@
-import { EXAMPLE_COURSE_ID, TEST_COURSE_ID, accessIams } from '../util/config'
-import { ChatInstance, Enrolment, Responsibility } from '../db/models'
+import { EXAMPLE_COURSE_ID, TEST_COURSE_ID, employeeIam } from '../util/config'
+import {
+  ChatInstance,
+  Enrolment,
+  Responsibility,
+  User as UserModel,
+} from '../db/models'
 import { User } from '../types'
 
-export const checkIamAccess = (iamGroups: string[]) =>
-  accessIams.some((iam) => iamGroups.includes(iam))
+const getUserById = async (id: string) => UserModel.findByPk(id)
 
 /**
  * Gets the chat instance ids of the courses the user is enrolled in
  */
 export const getEnrolledCourses = async (user: User) => {
-  if (checkIamAccess(user.iamGroups)) {
+  // Only do the example/test course upserts if the user is an employee
+  // students have no reason to be in these courses.
+  // We also want to check if the user exists in the database
+  // before we try to upsert the enrolments.
+  if (user.iamGroups.includes(employeeIam) && getUserById(user.id)) {
     await Enrolment.upsert(
       {
         userId: user.id,
@@ -47,7 +55,9 @@ export const getEnrolledCourses = async (user: User) => {
 }
 
 export const getOwnCourses = async (user: User) => {
-  if (user.isAdmin) {
+  // We want to check if the user exists in the database
+  // before we try to upsert the enrolments
+  if (user.isAdmin && getUserById(user.id)) {
     await Responsibility.upsert(
       {
         userId: user.id,

src/server/routes/user.ts

@@ -2,15 +2,15 @@ import express from 'express'
 
 import { ChatRequest } from '../types'
 import logger from '../util/logger'
-import {
-  checkIamAccess,
-  getEnrolledCourses,
-  getOwnCourses,
-} from '../chatInstances/access'
+import { getEnrolledCourses, getOwnCourses } from '../chatInstances/access'
 import { User } from '../db/models'
 import { getUserStatus, getUsage } from '../chatInstances/usage'
 import { DEFAULT_TOKEN_LIMIT } from '../../config'
 import { getLastRestart } from '../util/lastRestart'
+import { accessIams } from '../util/config'
+
+export const checkIamAccess = (iamGroups: string[]) =>
+  accessIams.some((iam) => iamGroups.includes(iam))
 
 const userRouter = express.Router()
 
@@ -20,7 +20,7 @@ userRouter.get('/login', async (req, res) => {
   const { id, isAdmin, iamGroups } = user
 
   if (!id) return res.status(401).send('Unauthorized')
-
+    const lastRestart = await getLastRestart()
   const hasIamAccess = checkIamAccess(iamGroups)
 
   const enrolledCourses = await getEnrolledCourses(user)