From eb10f3508c1d95a7d56d77439f5a0de24fe5bd35 Mon Sep 17 00:00:00 2001
From: Bram Devlaminck
Date: Sun, 22 May 2022 17:39:46 +0200
Subject: [PATCH 1/2] fix: remove logs and double / error
---
 frontend/components/Header/Header.tsx | 8 +-------
 frontend/components/ProjectCard/ProjectCard.tsx | 1 -
 frontend/components/Students/Students.tsx | 2 +-
 frontend/pages/osocs.tsx | 1 -
 4 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/frontend/components/Header/Header.tsx b/frontend/components/Header/Header.tsx
index 582018ea..51132dd2 100644
--- a/frontend/components/Header/Header.tsx
+++ b/frontend/components/Header/Header.tsx
@@ -64,13 +64,7 @@ export const Header: React.FC = () => {
 Accept: "application/json",
 Authorization: `auth/osoc2 ${sessionKey}`,
 },
- })
- .then((response) => {
- if (!response.ok) {
- console.log(response);
- }
- })
- .catch((error) => console.log(error));
+ }).catch((error) => console.log(error));
 });
 };
diff --git a/frontend/components/ProjectCard/ProjectCard.tsx b/frontend/components/ProjectCard/ProjectCard.tsx
index e319f319..587349a2 100644
--- a/frontend/components/ProjectCard/ProjectCard.tsx
+++ b/frontend/components/ProjectCard/ProjectCard.tsx
@@ -31,7 +31,6 @@ export const ProjectCard: React.FC<{
 const { sessionKey } = getSession
 ? await getSession()
 : { sessionKey: "" };
- console.log("test");
 const response = await fetch(
 `${process.env.NEXT_PUBLIC_API_URL}/project/${project.id}/assignee`,
 {
diff --git a/frontend/components/Students/Students.tsx b/frontend/components/Students/Students.tsx
index f7f5c05d..e85a292a 100644
--- a/frontend/components/Students/Students.tsx
+++ b/frontend/components/Students/Students.tsx
@@ -228,7 +228,7 @@ export const Students: React.FC<{
 paramsQuery.delete("id");
 // push the url
 router
- .push(`/${window.location.pathname}?${paramsQuery.toString()}`)
+ .push(`${window.location.pathname}?${paramsQuery.toString()}`)
 .then();
 if (params !== undefined) {
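Review bot: In the Header.tsx hunk, a non-2xx reply to this authenticated request is now dropped silently, because `fetch` rejects only on network failure and the remaining `.catch` never sees an HTTP error status. Removing the debug `console.log(response)` is fine, but the `response.ok` branch should stay and act on the failure, e.g. `.then((response) => { if (!response.ok) { /* surface the failure to the user */ } })`. The request URL and the enclosing handler start outside the hunk, so what a failed call means here (possibly a session that the server did not end) should be confirmed against the full file. The surviving `console.log(error)` is also still a log statement in a commit whose subject is removing logs.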
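Review bot: In the Students.tsx hunk, the corrected `.push(...)` line deserves a short comment on why no slash is prepended, since `window.location.pathname` already begins with `/` and a string starting with `//` is a scheme-relative URL rather than a path: `// pathname already starts with "/"; a second one would make the target scheme-relative`. The trailing `.then()` has no handler, so it does nothing and a rejected navigation goes unhandled; `void router.push(...)` or a `.catch` with a real handler would state the intent. The enclosing callback starts and ends outside the hunk.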
diff --git a/frontend/pages/osocs.tsx b/frontend/pages/osocs.tsx
index dacc10c9..da290083 100644
--- a/frontend/pages/osocs.tsx
+++ b/frontend/pages/osocs.tsx
@@ -76,7 +76,6 @@ const Osocs: NextPage = () => {
 */
 const search = useCallback(
 async (params: OsocFilterParams, page: number) => {
- console.log("callback");
 if (loading) return;
 isLoading(true);
 const filters = [];
From 0483c02ec309176a2f533f1d3eeb676c0d166271 Mon Sep 17 00:00:00 2001
From: Bram Devlaminck
Date: Sun, 22 May 2022 18:08:01 +0200
Subject: [PATCH 2/2] fix: status check was wrong
---
 backend/routes/followup.ts | 5 +++--
 backend/tests/routes_unit/followup.test.ts | 7 ++++++-
 backend/utility.ts | 24 ++++++++++++++++++++++
 3 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/backend/routes/followup.ts b/backend/routes/followup.ts
index 72a0f101..1ee857dd 100644
--- a/backend/routes/followup.ts
+++ b/backend/routes/followup.ts
@@ -4,7 +4,7 @@ import * as ormJA from "../orm_functions/job_application";
 import * as rq from "../request";
 import { Responses } from "../types";
 import * as util from "../utility";
-import { checkYearPermissionStudent, errors } from "../utility";
+import { checkYearPermissionsFollowup, errors } from "../utility";
 import { getOsocYearsForLoginUser } from "../orm_functions/login_user";
 import { getLatestOsoc, getOsocById } from "../orm_functions/osoc";
 import { getJobApplication } from "../orm_functions/job_application";
@@ -21,6 +21,7 @@ export async function getFollowup(
 return rq
 .parseGetFollowupStudentRequest(req)
 .then((parsed) => util.checkSessionKey(parsed))
+ .then(checkYearPermissionsFollowup)
 .then((checked) =>
 ormJA
 .getJobApplication(checked.data.id)
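Review bot: In getFollowup the added `.then(checkYearPermissionsFollowup)` looks up the job application by `checked.data.id`, and the very next step calls `ormJA.getJobApplication(checked.data.id)` again, so the permission decision and the response come from two separate reads of the same row. updateFollowup (`@@ -59,7 +60,7 @@`) has the same shape with its own `Promise.all` fetch. If the duplicate query is accepted, a comment such as `// year permission was checked on a separate read of this job application` makes that explicit; otherwise the check could be folded into the handler so that the record that was authorised is the one returned. getFollowup's body continues outside the hunk.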
@@ -59,7 +60,7 @@ export async function updateFollowup(
 return rq
 .parseSetFollowupStudentRequest(req)
 .then((parsed) => util.checkSessionKey(parsed))
- .then(checkYearPermissionStudent)
+ .then(checkYearPermissionsFollowup)
 .then(async (checked) => {
 // modifications to a job application is only allowed if the job application is of the most recent osoc year
 const [jobApplication, latestOsoc] = await Promise.all([
diff --git a/backend/tests/routes_unit/followup.test.ts b/backend/tests/routes_unit/followup.test.ts
index a2c1c19f..2915da9f 100644
--- a/backend/tests/routes_unit/followup.test.ts
+++ b/backend/tests/routes_unit/followup.test.ts
@@ -30,7 +30,8 @@ jest.mock("../../utility", () => {
 checkSessionKey: jest.fn(),
 isAdmin: jest.fn(),
 checkYearPermissionStudent: jest.fn(),
- }; // we want to only mock checkSessionKey, isAdmin and checkYearPermissionStudent
+ checkYearPermissionsFollowup: jest.fn(),
+ }; // we want to only mock checkSessionKey, isAdmin, checkYearPermissionStudent and checkYearPermissionsFollowup
 });
 export const utilMock = util as jest.Mocked;
@@ -179,6 +180,9 @@ beforeEach(() => {
 utilMock.checkYearPermissionStudent.mockImplementation((v) =>
 Promise.resolve(v)
 );
+ utilMock.checkYearPermissionsFollowup.mockImplementation((v) =>
+ Promise.resolve(v)
+ );
 osocMock.getLatestOsoc.mockResolvedValue(osocdat);
 osocMock.getOsocById.mockResolvedValue(osocdat);
@@ -210,6 +214,7 @@ afterEach(() => {
 utilMock.checkSessionKey.mockReset();
 utilMock.isAdmin.mockReset();
 utilMock.checkYearPermissionStudent.mockReset();
+ utilMock.checkYearPermissionsFollowup.mockReset();
 osocMock.getLatestOsoc.mockReset();
 osocMock.getOsocById.mockReset();
diff --git a/backend/utility.ts b/backend/utility.ts
index 11725757..14f3bfee 100644
--- a/backend/utility.ts
+++ b/backend/utility.ts
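Review bot: In followup.test.ts, `checkYearPermissionsFollowup` is only ever mocked to `Promise.resolve(v)` in `beforeEach`, so these route tests never exercise a denied request, and nothing visible in this patch tests the new function itself. Since the commit fixes an authorization check, add a case where the mock rejects, e.g. `utilMock.checkYearPermissionsFollowup.mockRejectedValueOnce(<insufficient-rights error>)`, and assert that getFollowup and updateFollowup reject without the job-application ORM mocks being called. A direct unit test of the helper with a year outside the user's visible years, and with a missing job application, would pin the behaviour the fix is meant to guarantee.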
@@ -24,6 +24,7 @@ import { getAppliedYearsForStudent } from "./orm_functions/student";
 import IdRequest = Requests.IdRequest;
 import { getProjectYear } from "./orm_functions/project";
 import { getOsocById } from "./orm_functions/osoc";
+import { getJobApplication } from "./orm_functions/job_application";
 /**
 * The API error cooking functions. HTTP error codes are loaded from
@@ -416,6 +417,29 @@ export async function checkYearPermissionOsoc(
 return Promise.reject(errors.cookInsufficientRights());
 }
+/**
+ * returns the userData object if the user is allowed to see the followup
+ * Otherwise it returns an insufficient rights error.
+ * @param userData: object with the userId and osocID
+ */
+export async function checkYearPermissionsFollowup(
+ userData: WithUserID
+): Promise> {
+ // get the years that are visible for the loginUser
+ const visibleYears = await getOsocYearsForLoginUser(userData.userId);
+ // get the year that the application belongs to
+ const job_application = await getJobApplication(userData.data.id);
+
+ // check if the project year is inside the visible years for the user
+ if (
+ job_application !== null &&
+ visibleYears.includes(job_application.osoc.year)
+ ) {
+ return userData;
+ }
+ return Promise.reject(errors.cookInsufficientRights());
+}
+
 /**
 * Generates a new session key.
 * @returns The newly generated session key.
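Review bot: The doc comment on `checkYearPermissionsFollowup` says `userData` carries "the userId and osocID", but the body passes `userData.data.id` to `getJobApplication`, so the id is a job application id; a caller who trusts the comment would have the permission check run against the wrong record. Reword it, e.g. `@param userData object with the userId and, in data.id, the id of the job application`, and state that a missing job application is also reported as insufficient rights. The inline comment "check if the project year" likewise should read "job application's osoc year". The two lookups are independent and can run together, `const [visibleYears, jobApplication] = await Promise.all([getOsocYearsForLoginUser(userData.userId), getJobApplication(userData.data.id)]);`, which also replaces the snake_case `job_application` with the camelCase used for `visibleYears`.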