aanmaken 'is_user_authenticated_for_subject' #45

SELab-2 · Mar 7, 2024 · 5ebf484 · 5ebf484
1 parent 80a4939
commit 5ebf484
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 4 deletions.
diff --git a/backend/routes/dependencies/role_dependencies.py b/backend/routes/dependencies/role_dependencies.py
@@ -4,10 +4,11 @@
 from db.sessions import get_session
 from domain.logic.admin import get_admin, is_user_admin
 from domain.logic.student import get_student, is_user_student
-from domain.logic.subject import get_subjects_of_student
+from domain.logic.subject import get_subjects_of_student, get_subjects_of_teacher
 from domain.logic.teacher import get_teacher, is_user_teacher
 from domain.models.AdminDataclass import AdminDataclass
 from domain.models.StudentDataclass import StudentDataclass
+from domain.models.SubjectDataclass import SubjectDataclass
 from domain.models.TeacherDataclass import TeacherDataclass
 from routes.errors.authentication import (
     InvalidAdminCredentialsError,
@@ -42,6 +43,19 @@ def get_authenticated_student(session: Session = Depends(get_session)) -> Studen
     return get_student(session, user_id)
 
 
+def is_user_authorized_for_subject(session: Session, subject_id: int) -> bool:
+    user_id = get_authenticated_user()
+    if is_user_teacher(session, user_id):
+        subjects_of_teacher: list[SubjectDataclass] = get_subjects_of_teacher(session, subject_id)
+        return subject_id in [subject.id for subject in subjects_of_teacher]
+
+    if is_user_student(session, user_id):
+        subjects_of_student: list[SubjectDataclass] = get_subjects_of_student(session, subject_id)
+        return subject_id in [subject.id for subject in subjects_of_student]
+
+    return False
+
+
 def get_authenticated_student_for_subject(
         subject_id: int,
         session: Session = Depends(get_session),

diff --git a/backend/routes/subject.py b/backend/routes/subject.py
@@ -6,7 +6,10 @@
 from domain.logic.subject import get_subject
 from domain.models.ProjectDataclass import ProjectDataclass
 from domain.models.SubjectDataclass import SubjectDataclass
-from routes.dependencies.role_dependencies import get_authenticated_student
+from routes.dependencies.role_dependencies import (
+    get_authenticated_student,
+    is_user_authorized_for_subject,
+)
 
 subject_router = APIRouter()
 
@@ -16,6 +19,6 @@ def subject_get(subject_id: int, session: Session = Depends(get_session)) -> Sub
     return get_subject(session, subject_id)
 
 
-@subject_router.get("/subjects/{subject_id}/projects", dependencies=[Depends(get_authenticated_student)])
+@subject_router.get("/subjects/{subject_id}/projects", dependencies=[Depends(is_user_authorized_for_subject)])
 def get_subject_projects(subject_id: int, session: Session = Depends(get_session)) -> list[ProjectDataclass]:
     return get_projects_of_subject(session, subject_id)
diff --git a/backend/routes/teacher.py b/backend/routes/teacher.py
@@ -19,7 +19,7 @@ def subjects_of_teacher_get(
     return get_subjects_of_teacher(session, teacher.id)
 
 
-@teacher_router.post("teacher/subjects", dependencies=[Depends(get_authenticated_teacher)])
+@teacher_router.post("/teacher/subjects", dependencies=[Depends(get_authenticated_teacher)])
 def create_subject_post(
     subject: SubjectDataclass,
     session: Session = Depends(get_session),