Merge branch 'develop' of http://scm.ujaen.es/softuno/pictogram into develop

sails/src/api/controllers/OfficeController.js

@@ -135,14 +135,28 @@ module.exports = {
     .findOne({ id: req.params.id })
     .populate('supervisors')
     .then(function (office) {
-      if (office) {
-        res.ok(office.supervisors);
-      } else {
-        res.notFound();
-      }
+      if (!office)
+        return res.notFound();
+      var sups = [];
+      async.eachSeries(office.supervisors,
+        function(sup, next) {
+          StuSup.find({id_sup: sup.id})
+          .populate('student')
+          .then((stusups) => {
+            var sup_obj = sup.toObject();
+            sup_obj.students = stusups.map((stusup) => {return stusup.student});
+            sups.push(sup_obj);
+          })
+          .catch((err) => next(err));
+        },
+        function(err) {
+          if (err)
+            return res.serverError("Unable to get students");
+            return res.ok(sups);
+      });
     })
     .catch(function () {
-      res.badRequest();
+      return res.badRequest();
     });
   },
 };

sails/src/api/policies/isAdminOrIsSupAdmin.js

+module.exports = function isAdmin (req, res, next) {
+
+  //
+  // Only if the user that has connected is global administrator (Yotta employee)
+  //
+  if (!req.token || !(req.token.isAdmin  || req.token.isSupAdmin))
+    res.json(401, {error: 'Access denied'});
+
+  // Finally, if the user has a clean record, we'll call the `next()` function
+  // to let them through to the next policy or our controller
+  next();
+};

sails/src/config/policies.js

@@ -63,7 +63,7 @@ module.exports.policies = {
     getAll: true,
     get: ['tokenAuth'],
     getBasic: true,
-    supervisors: ['tokenAuth', 'isAdmin']
+    supervisors: ['tokenAuth', 'isAdminOrIsSupAdmin']
   },
 
   PictoController: {