policies rewritten (missing files added)

ed54ade1 · Arturo Montejo Ráez · 1d2d28d9 · ed54ade1 · ed54ade1 · ed54ade1
Commit ed54ade1 authored Aug 03, 2017 by Arturo Montejo Ráez
Showing with 54 additions and 0 deletions
sails/src/.foreverignore
sails/src/api/policies/isAdminOrOffice.js
sails/src/api/policies/isOffice.js
sails/src/api/policies/isStudentOrSupervisorOfStudent.js
--- a/sails/src/.foreverignore
+++ b/sails/src/.foreverignore
+**/.tmp/**
--- a/sails/src/api/policies/isAdminOrOffice.js
+++ b/sails/src/api/policies/isAdminOrOffice.js
+module.exports = function isAdminOrOffice (req, res, next) {
+
+  //
+  // Only if the user that has connected is global administrator (Yotta employee) or is an office
+  //
+  if (!req.token || req.token.role !== 'admin' && req.token.role !== 'office')
+    res.json(401, {error: 'Access denied'});
+
+  // Finally, if the user has a clean record, we'll call the `next()` function
+  // to let them through to the next policy or our controller
+  next();
+};
--- a/sails/src/api/policies/isOffice.js
+++ b/sails/src/api/policies/isOffice.js
+module.exports = function isSupAdmin (req, res, next) {
+
+  //
+  // A SupAdmin is a supervisor that is administrator of an office
+  // That means that we can find its id at the admin column in an entry at the office table
+  if (!req.token || req.token.role !== 'office')
+    res.json(401, {error: 'Access denied'});
+
+  // Finally, if the user has a clean record, we'll call the `next()` function
+  // to let them through to the next policy or our controller
+  next();
+};
--- a/sails/src/api/policies/isStudentOrSupervisorOfStudent.js
+++ b/sails/src/api/policies/isStudentOrSupervisorOfStudent.js
+module.exports = function isStudentOrSupervisorOfStudent (req, res, next) {
+
+  // sails.log("TOKEN: " + JSON.stringify(req.token));
+
+  if (!req.params.id_stu)
+    return res.json(401, {error: 'Access denied 1'}); // If it is a student, then is ok
+
+  if (req.token && req.token.isStudent && req.token.id == req.params.id_stu)
+    return next();
+
+  // Get list of supervisors for the student
+  Student.supervisors(req.params.id_stu, function(err, sups) {
+  	if (err)
+      return res.json(401, {error: err});
+
+    if (!sups || sups.length == 0)
+  		return res.json(401, {error: "This student has no supervisors associated"});
+
+    // if supervisor is not in the list of supervisors
+    if (sups.map(function(e) {return e.id}).indexOf(req.token.id) < 0)
+      return res.json(401, {error: 'Access denied 3'});
+
+	  // Finally, if the user has a clean record, we'll call the `next()` function
+	  // to let them through to the next policy or our controller
+	  next();
+	});
+
+
+};