siwatsystem-public/satitm-sso-node
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

working ish website

Browse source
This commit is contained in:
Siwat Sirichai 2024-05-05 18:13:58 +07:00
parent 5540ac6d81
commit b194d2031d
8 changed files with 271 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

20
routes/ps_relation_parent.js
View file

@ -39,6 +39,18 @@ router.get('/parent/:parent_upn/add-student', async function (req, res) {
if(!req.isAuthenticated()) {
return res.status(401).send('Unauthorized');
}
if (!req.query.pairing_code) {
return res.status(400).send('Pairing code not provided');
}
if (!req.params.parent_upn) {
return res.status(400).send('Parent UPN not provided');
}
if (req.user.username !== req.params.parent_upn) {
return res.status(403).send('Forbidden, UPN mismatch');
}
if (req.user.userType !== directory.USER_TYPE.PARENT) {
return res.status(403).send('Forbidden, not a parent');
}
let parent_upn = req.params.parent_upn;
// Is the logged in user a parent with the same UPN as the one in the URL?
// If not, return a 403 Forbidden response
@ -63,10 +75,16 @@ router.get('/parent/:parent_upn/add-student', async function (req, res) {
res.send('Student added');
});
router.get('/parent/:parent_upn', function (req, res) {
router.get('/parent/:parent_upn', async function (req, res) {
if(!req.isAuthenticated()) {
return res.status(401).send('Unauthorized');
}
if (req.user.username !== req.params.parent_upn) {
return res.status(403).send('Forbidden, UPN mismatch');
}
if (req.user.userType !== directory.USER_TYPE.PARENT) {
return res.status(403).send('Forbidden, not a parent');
}
let parent_upn = req.params.parent_upn;
// Is the logged in user a parent with the same UPN as the one in the URL?
// If not, return a 403 Forbidden response