From 5ebf48480a872c28b2a88100e4a394927e0f26e4 Mon Sep 17 00:00:00 2001
From: Lukas Barragan Torres
Date: Thu, 7 Mar 2024 16:30:42 +0100
Subject: [PATCH] aanmaken 'is_user_authenticated_for_subject' #45
---
 backend/routes/dependencies/role_dependencies.py | 16 +++++++++++++++-
 backend/routes/subject.py | 7 +++++--
 backend/routes/teacher.py | 2 +-
 3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/backend/routes/dependencies/role_dependencies.py b/backend/routes/dependencies/role_dependencies.py
index a8e6e994..9c3eeb23 100644
--- a/backend/routes/dependencies/role_dependencies.py
+++ b/backend/routes/dependencies/role_dependencies.py
@@ -4,10 +4,11 @@
 from db.sessions import get_session
 from domain.logic.admin import get_admin, is_user_admin
 from domain.logic.student import get_student, is_user_student
-from domain.logic.subject import get_subjects_of_student
+from domain.logic.subject import get_subjects_of_student, get_subjects_of_teacher
 from domain.logic.teacher import get_teacher, is_user_teacher
 from domain.models.AdminDataclass import AdminDataclass
 from domain.models.StudentDataclass import StudentDataclass
+from domain.models.SubjectDataclass import SubjectDataclass
 from domain.models.TeacherDataclass import TeacherDataclass
 from routes.errors.authentication import (
 InvalidAdminCredentialsError,
@@ -42,6 +43,19 @@ def get_authenticated_student(session: Session = Depends(get_session)) -> Studen
 return get_student(session, user_id)
+def is_user_authorized_for_subject(session: Session, subject_id: int) -> bool:
+ user_id = get_authenticated_user()
+ if is_user_teacher(session, user_id):
+ subjects_of_teacher: list[SubjectDataclass] = get_subjects_of_teacher(session, subject_id)
+ return subject_id in [subject.id for subject in subjects_of_teacher]
+
+ if is_user_student(session, user_id):
+ subjects_of_student: list[SubjectDataclass] = get_subjects_of_student(session, subject_id)
+ return subject_id in [subject.id for subject in subjects_of_student]
+
+ return False
+
+
+
 def get_authenticated_student_for_subject(
 subject_id: int,
 session: Session = Depends(get_session),
diff --git a/backend/routes/subject.py b/backend/routes/subject.py
index 14c3e473..fdec830c 100644
--- a/backend/routes/subject.py
+++ b/backend/routes/subject.py
@@ -6,7 +6,10 @@
 from domain.logic.subject import get_subject
 from domain.models.ProjectDataclass import ProjectDataclass
 from domain.models.SubjectDataclass import SubjectDataclass
-from routes.dependencies.role_dependencies import get_authenticated_student
+from routes.dependencies.role_dependencies import (
+ get_authenticated_student,
+ is_user_authorized_for_subject,
+)
 subject_router = APIRouter()
@@ -16,6 +19,6 @@ def subject_get(subject_id: int, session: Session = Depends(get_session)) -> Sub
 return get_subject(session, subject_id)
-@subject_router.get("/subjects/{subject_id}/projects", dependencies=[Depends(get_authenticated_student)])
+@subject_router.get("/subjects/{subject_id}/projects", dependencies=[Depends(is_user_authorized_for_subject)])
 def get_subject_projects(subject_id: int, session: Session = Depends(get_session)) -> list[ProjectDataclass]:
 return get_projects_of_subject(session, subject_id)
diff --git a/backend/routes/teacher.py b/backend/routes/teacher.py
index 2f7c4f61..6ccdbe4c 100644
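Review bot: Both membership lookups in `is_user_authorized_for_subject` pass `subject_id` where the caller's id is expected: `get_subjects_of_teacher(session, subject_id)` and `get_subjects_of_student(session, subject_id)`. The teacher route touched by this same patch calls `get_subjects_of_teacher(session, teacher.id)`, so the second argument is presumably a teacher or student id, and the check as written answers for whichever account happens to share its id with the subject instead of for the authenticated user. Pass the caller instead, `get_subjects_of_teacher(session, user_id)` and `get_subjects_of_student(session, user_id)`. A one-line docstring such as `"""Return True only if the authenticated user teaches or is enrolled in the subject."""` and a test where the user id differs from the subject id would pin the intended contract.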
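Review bot: `dependencies=[Depends(is_user_authorized_for_subject)]` on the projects route does not enforce anything, because FastAPI discards the return value of a dependency listed in `dependencies=[...]`, so a `False` result still lets the request reach `get_subject_projects`. Since it replaces `get_authenticated_student`, the route appears to lose its access check for any caller who gets past `get_authenticated_user()`. The dependency has to raise to reject: give it the signature `(subject_id: int, session: Session = Depends(get_session))`, like the neighbouring `get_authenticated_student_for_subject`, and end with `if not is_user_authorized_for_subject(session, subject_id): raise HTTPException(status_code=403)` or the project's own error from `routes.errors.authentication`. The new function's `session: Session` parameter also has no `Depends(get_session)` default, so FastAPI will not inject a session when the function is used directly as a dependency.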
--- a/backend/routes/teacher.py
+++ b/backend/routes/teacher.py
@@ -19,7 +19,7 @@ def subjects_of_teacher_get(
 return get_subjects_of_teacher(session, teacher.id)
-@teacher_router.post("teacher/subjects", dependencies=[Depends(get_authenticated_teacher)])
+@teacher_router.post("/teacher/subjects", dependencies=[Depends(get_authenticated_teacher)])
 def create_subject_post(
 subject: SubjectDataclass,
 session: Session = Depends(get_session),