issue #949 fixed

parent c7e70c85
......@@ -144,7 +144,9 @@ module.exports = {
else if (stu_sup && !req.token.office)
student.supervision = 1; // requester is tutor of the studend
else if (stu_sup && req.token.office && student.office == req.token.office.id)
student.supervision = 2; // requester is supervisor of student
student.supervision = 2; // requester is supervisor of student
else if (req.token.isStudent && req.token.id == student.id)
student.supervision = 3 // requester is the student himself
if (student.supervision == -1) // should not hace access!!!
return res.forbidden("Access to this student should not be granted to you");
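Review bot: The added self-access branch decides authorization with loose equality, `req.token.id == student.id`, so the result depends on type coercion between whatever the token and the model happen to hold. Normalise both sides and compare strictly, e.g. `else if (req.token.isStudent && String(req.token.id) === String(student.id))`, and treat the existing `student.office == req.token.office.id` check the same way. The deny on `student.supervision == -1` only holds if the field is set to -1 before this chain, which starts outside the hunk; a short comment stating that default-deny assumption would help the next reader. The new assignment is also missing its terminating semicolon.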
......
......@@ -86,7 +86,7 @@ module.exports.policies = {
StudentController: {
eternal: true,
getInfo: ['tokenAuth', 'isSupervisorOfStudentOrIsSupAdmin'],
getInfo: ['tokenAuth', 'isSupervisorOfStudentOrIsSupAdminOrIsStudent'],
supervisors: ['tokenAuth'],
therapists: ['tokenAuth'],
tutors: ['tokenAuth'],
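Review bot: `getInfo` is now guarded by `isSupervisorOfStudentOrIsSupAdminOrIsStudent`, but the policy's implementation is not shown in this commit, so it is not visible whether it requires the token's id to match the requested student or admits any student token. If it admits any student token, the `req.token.id == student.id` branch in the controller is the only check keeping one student from reading another's record, and the two checks have to stay in sync. I would have the policy itself compare the ids and document it here with a comment such as `// student tokens: own record only, enforced in the policy and again in getInfo`.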
......