issue #949 fixed (adding missing policy file)

684534be · Arturo Montejo Ráez · 7f807c1d · 684534be
Commit 684534be authored Feb 23, 2017 by Arturo Montejo Ráez
Showing with 30 additions and 0 deletions
sails/src/api/policies/isSupervisorOfStudentOrIsSupAdminOrIsStudent.js
--- a/sails/src/api/policies/isSupervisorOfStudentOrIsSupAdminOrIsStudent.js
+++ b/sails/src/api/policies/isSupervisorOfStudentOrIsSupAdminOrIsStudent.js
+module.exports = function isSupervisorOfStudentOrIsSupAdminOrIsStudent (req, res, next) {
+
+  // sails.log("TOKEN: " + JSON.stringify(req.token));
+
+  if (!req.params.id_stu)
+    return res.json(401, {error: 'Access denied 1'}); // If it is a student, then is ok
+
+    Student.findOne(req.params.id_stu)
+	.then(function (s) {
+	    if (req.token && req.token.isStudent && req.token.id == req.params.id_stu)
+		return next(); // Is Student
+
+	    if (req.token.office && s.office == req.token.office.id && req.token.isSupAdmin)
+		return next(); // Is Office's administrator
+
+	    s.supervisors((err, sups) => {
+		if (err || !sups || sups.length == 0)
+		    return res.json(401, {error: "This student has no supervisors associated"});
+
+		if (sups.map(function(e) {return e.id}).indexOf(req.token.id) >= 0)
+		    return next(); // Is Supervisor of Student
+
+		return res.json(401, {error: "No valid credentials"});
+	    });
+	})
+	.catch((err) => {
+	    return res.json(401, {error: "Student not found"});
+	});
+  
+};