issue #949 fixed

ab5c1d43 · Arturo Montejo Ráez · c7e70c85 · ab5c1d43 · ab5c1d43
Commit ab5c1d43 authored Feb 23, 2017 by Arturo Montejo Ráez
Showing with 4 additions and 2 deletions
sails/src/api/controllers/StudentController.js
sails/src/config/policies.js
--- a/sails/src/api/controllers/StudentController.js
+++ b/sails/src/api/controllers/StudentController.js
@@ -144,7 +144,9 @@ module.exports = {
      else if (stu_sup && !req.token.office)
        student.supervision = 1; // requester is tutor of the studend
      else if (stu_sup && req.token.office && student.office == req.token.office.id)
-        student.supervision = 2; // requester is supervisor of student
+          student.supervision = 2; // requester is supervisor of student
+	else if (req.token.isStudent && req.token.id == student.id)
+	    student.supervision = 3 // requester is the student himself

      if (student.supervision == -1) // should not hace access!!!
        return res.forbidden("Access to this student should not be granted to you");

--- a/sails/src/config/policies.js
+++ b/sails/src/config/policies.js
@@ -86,7 +86,7 @@ module.exports.policies = {

  StudentController: {
    eternal: true,
-    getInfo: ['tokenAuth', 'isSupervisorOfStudentOrIsSupAdmin'],
+    getInfo: ['tokenAuth', 'isSupervisorOfStudentOrIsSupAdminOrIsStudent'],
    supervisors: ['tokenAuth'],
    therapists: ['tokenAuth'],
    tutors: ['tokenAuth'],