
Commit c5b95e6

committed
fix: allow faculty responsibility access for all faculty responsibles
1 parent 21d0ce0 commit c5b95e6


3 files changed

+24
-7
lines changed


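--- a/scripts/possu.sh
+++ b/scripts/possu.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+CONTAINER_NAME="palaute_db"
+USER="postgres"
+DB="${1:-postgres}"
+
+docker exec -it "$CONTAINER_NAME" psql -U "$USER" "$DB"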
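Review bot: `USER="postgres"` on line 4 reassigns the shell's own `USER` variable, which is normally already exported, so `docker` and anything it spawns inherit the changed value as the invoking user. A script-local name avoids that: `DB_USER="postgres"` with `psql -U "$DB_USER" "$DB"` on the last line. The script opens a `postgres` superuser session in whichever container is named `palaute_db`, so a header comment such as `# Local development helper: opens psql in the palaute_db container` would make the intended scope clear.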

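--- a/src/server/routes/feedbackTargets/feedbackTargetController.ts
+++ b/src/server/routes/feedbackTargets/feedbackTargetController.ts
@@ -33,6 +33,8 @@ import { PUBLIC_COURSE_BROWSER_ENABLED } from '../../util/config'
 const adRouter = Router()
 const noadRouter = Router()
 
+const isProgrammeCode = (code: string) => /^\d{3}-[MK]\d{3,4}$/.test(code)
+
 // TODO figure out if the two bellow functions could be united
 adRouter.get('/for-faculty/:code', async (req: AuthenticatedRequest, res: Response) => {
 const { user } = req
@@ -41,6 +43,7 @@ adRouter.get('/for-faculty/:code', async (req: AuthenticatedRequest, res: Respon
 if (!code) throw ApplicationError.BadRequest('Missing code')
 
 const organisationAccess = await user.organisationAccess
+
 if (!organisationAccess[code]?.read) throw ApplicationError.Forbidden()
 
 const facultyOrganisation = await Organisation.findOne({
@@ -56,10 +59,7 @@ adRouter.get('/for-faculty/:code', async (req: AuthenticatedRequest, res: Respon
 
 if (!facultyOrganisation) throw ApplicationError.NotFound('Organisation not found')
 
-const childOrgCodes =
-facultyOrganisation.childOrganisations
-?.filter(child => organisationAccess[child.code]?.read)
-.map(child => child.code) || []
+const childOrgCodes = facultyOrganisation.childOrganisations?.map(child => child.code).filter(isProgrammeCode) || []
 
 const allOrganisationCodes = [code, ...childOrgCodes]
 
@@ -69,6 +69,7 @@ adRouter.get('/for-faculty/:code', async (req: AuthenticatedRequest, res: Respon
 startDate: startDate as string,
 endDate: endDate as string,
 user,
+skipAccessCheck: orgCode !== code,
 })
 )
 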
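Review bot: Access to every child programme now depends only on the `read` check on the faculty code at new line 47, because `skipAccessCheck: orgCode !== code` (new line 72) turns off the per-organisation check in getByOrganisation for each child. `isProgrammeCode` only filters the format of codes taken from `facultyOrganisation.childOrganisations`; it is not an access decision. If `read` on a faculty can be held by anyone other than faculty responsibles, those users would now receive all programme targets too. I would record the assumption where the flag is set, e.g. `// child programmes inherit access from the faculty-level read check above`, and add route tests for a user with faculty `read` but no programme rights and for a user without faculty `read`. The callback that defines `orgCode` lies outside the hunks shown.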

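--- a/src/server/services/feedbackTargets/getByOrganisation.ts
+++ b/src/server/services/feedbackTargets/getByOrganisation.ts
@@ -137,12 +137,21 @@ interface GetByOrganisationParams {
 startDate?: string | Date
 endDate?: string | Date
 user: User
+skipAccessCheck?: boolean
 }
 
-const getByOrganisation = async ({ organisationCode, startDate, endDate, user }: GetByOrganisationParams) => {
-const organisationAccess = await user.organisationAccess
+const getByOrganisation = async ({
+organisationCode,
+startDate,
+endDate,
+user,
+skipAccessCheck = false,
+}: GetByOrganisationParams) => {
+if (!skipAccessCheck) {
+const organisationAccess = await user.organisationAccess
 
-if (!organisationAccess[organisationCode]?.read) throw ApplicationError.Forbidden()
+if (!organisationAccess[organisationCode]?.read) throw ApplicationError.Forbidden()
+}
 
 const start = startDate ? new Date(startDate) : new Date()
 const end = endDate ? new Date(endDate) : addMonths(start, 12)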
