problem with isSupervisorOfStudentOrIsSupAdmin fixed

parent fac1eb02
...@@ -266,7 +266,6 @@ module.exports = { ...@@ -266,7 +266,6 @@ module.exports = {
// student // student
supervisors: function(id_stu, callback) { supervisors: function(id_stu, callback) {
StuSup.find({id_stu: id_stu}).populate('supervisor').exec(function(err, stuSups) { StuSup.find({id_stu: id_stu}).populate('supervisor').exec(function(err, stuSups) {
if (err) if (err)
return callback(err, []); return callback(err, []);
if (!stuSups || stuSups.length == 0) if (!stuSups || stuSups.length == 0)
......
...@@ -6,33 +6,30 @@ module.exports = function isSupervisorOfStudentOrIsSupAdmin(req, res, next) { ...@@ -6,33 +6,30 @@ module.exports = function isSupervisorOfStudentOrIsSupAdmin(req, res, next) {
if (!studentId || !supervisorId) { if (!studentId || !supervisorId) {
sails.log.error('This request needs an id_stu parameter and a authenticated supervisor'); sails.log.error('This request needs an id_stu parameter and a authenticated supervisor');
res.json(401, { error: 'Access denied' }); return res.json(401, { error: 'Access denied' });
} else { } else {
Student.findOne(studentId) Student.findOne(studentId)
.then(function (s) { .then(function (s) {
if (s.office == req.token.office.id && req.token.isSupAdmin) { if (req.token.office && s.office == req.token.office.id && req.token.isSupAdmin)
next(); next();
}
else { else {
Student.supervisors(studentId, function (err, sups) { Student.supervisors(studentId, function (err, sups) {
const studentSupervisorsIds = sups.map((studentSupervisor) => studentSupervisor.id); if (err)
return res.json(401, {error: 'Access denied'});
var supIds = sups.map((studentSupervisor) => studentSupervisor.id);
if (supIds.indexOf(supervisorId) >= 0)
return next();
if (err || studentSupervisorsIds.length === 0) { sails.log.error(`Supervisor ${supervisorId} is not assigned to Student ${studentId}`);
sails.log.error(`Student ${studentId} has no supervisor assigned`); return res.json(401, { error: 'Access denied' });
res.json(401, { error: 'Access denied' }); });
} else if (studentSupervisorsIds.indexOf(supervisorId) < 0) {
sails.log.error(`Supervisor ${supervisorId} is not assigned to Student ${studentId}`);
sails.log.debug(`Student supervisors: ${studentSupervisorsIds}`);
res.json(401, { error: 'Access denied' });
} else {
sails.log.debug(`Supervisor ${supervisorId} is assigned to Student ${studentId}`);
next();
}
})
} }
}) })
.catch((err) => { .catch((err) => {
res.json(401, {error: "No student found"})
sails.log.error(JSON.stringify(err));
return res.json(401, { error: "No student found" })
}); });
} }
}; };
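Review bot: The new `if (err)` branch inside the `Student.supervisors` callback returns 401 without logging anything, so a lookup failure cannot be told apart from a genuine authorization denial in the logs; adding `sails.log.error(err);` before that return would keep the signal. In the `.catch`, `JSON.stringify(err)` usually yields `{}` for a plain `Error` because `message` and `stack` are not enumerable, so `sails.log.error(err)` is likely to record more. A missing student (`s` undefined) is rejected only indirectly, either by `s.office` throwing into the `.catch` or by the supervisor lookup finding no match; an explicit `if (!s) return res.json(401, { error: 'No student found' });` would make that fail-closed path deliberate. `studentId` and `supervisorId` are defined above the hunk, so it cannot be confirmed from here that the strict `indexOf(supervisorId)` compares values of the same type as the populated supervisor ids.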