106 lines
No EOL
4.1 KiB
JavaScript
106 lines
No EOL
4.1 KiB
JavaScript
// This file contains the routes for the the account linking process on the parent side.
|
|
|
|
let express = require('express');
|
|
let router = express.Router();
|
|
let passport = require('passport');
|
|
let directory = require('../directory.js');
|
|
let database = require('../config/database.js');
|
|
|
|
// Consume the pairing code
|
|
// Return the student's UPN then delete the pairing code
|
|
async function consumePairingCode(pairing_code) {
|
|
return new Promise((resolve, reject) => {
|
|
let sql = 'SELECT upn FROM ps_pairing_codes WHERE pairing_code = ?';
|
|
database.query(sql, pairing_code, function (err, result) {
|
|
if (err) {
|
|
console.log('Error:', err);
|
|
reject(err);
|
|
} else {
|
|
if (result.length === 0) {
|
|
resolve(null);
|
|
} else {
|
|
let upn = result[0].upn;
|
|
let deleteSql = 'DELETE FROM ps_pairing_codes WHERE pairing_code = ?';
|
|
database.query(deleteSql, pairing_code, function (err, result) {
|
|
if (err) {
|
|
console.log('Error:', err);
|
|
} else {
|
|
console.log('Pairing code consumed');
|
|
}
|
|
});
|
|
resolve(upn);
|
|
}
|
|
}
|
|
});
|
|
});
|
|
}
|
|
|
|
router.get('/parent/:parent_upn/add-student', async function (req, res) {
|
|
if(!req.isAuthenticated()) {
|
|
return res.status(401).send('Unauthorized');
|
|
}
|
|
if (!req.query.pairing_code) {
|
|
return res.status(400).send('Pairing code not provided');
|
|
}
|
|
if (!req.params.parent_upn) {
|
|
return res.status(400).send('Parent UPN not provided');
|
|
}
|
|
if (req.user.username !== req.params.parent_upn) {
|
|
return res.status(403).send('Forbidden, UPN mismatch');
|
|
}
|
|
if (req.user.userType !== directory.USER_TYPE.PARENT) {
|
|
return res.status(403).send('Forbidden, not a parent');
|
|
}
|
|
let parent_upn = req.params.parent_upn;
|
|
// Is the logged in user a parent with the same UPN as the one in the URL?
|
|
// If not, return a 403 Forbidden response
|
|
if (req.user.username !== parent_upn) {
|
|
return res.status(403).send('Forbidden, UPN mismatch');
|
|
}
|
|
// Consume the pairing code, if it return null, return a 404 Not Found response
|
|
// Don't update the parent's student list yet
|
|
// Note that we won't return the student's details in this route
|
|
// Just a success message
|
|
let pairing_code = req.query.pairing_code;
|
|
// Is the pairing code in the query string?
|
|
if (!pairing_code) {
|
|
return res.status(400).send('Bad Request, pairing_code missing');
|
|
}
|
|
let student_upn = '';
|
|
let student = await consumePairingCode(pairing_code);
|
|
if (!student) {
|
|
return res.status(404).send('Not Found, pairing_code not found');
|
|
}
|
|
await directory.setPrimaryParent(student, parent_upn);
|
|
res.send('Student added');
|
|
});
|
|
|
|
router.get('/parent/:parent_upn', async function (req, res) {
|
|
if(!req.isAuthenticated()) {
|
|
return res.status(401).send('Unauthorized');
|
|
}
|
|
if (req.user.username !== req.params.parent_upn) {
|
|
return res.status(403).send('Forbidden, UPN mismatch');
|
|
}
|
|
if (req.user.userType !== directory.USER_TYPE.PARENT) {
|
|
return res.status(403).send('Forbidden, not a parent');
|
|
}
|
|
let parent_upn = req.params.parent_upn;
|
|
// Is the logged in user a parent with the same UPN as the one in the URL?
|
|
// If not, return a 403 Forbidden response
|
|
if (req.user.username !== parent_upn) {
|
|
return res.status(403).send('Forbidden, UPN mismatch');
|
|
}
|
|
// Return the parent's details in the session in JSON format
|
|
allowedAttributes = ['username', 'first_name', 'last_name'];
|
|
let parent = {};
|
|
allowedAttributes.forEach(function (attribute) {
|
|
parent[attribute] = req.user[attribute];
|
|
});
|
|
// Get the list of students linked to the parent
|
|
let students = await directory.getStudentsByParent(parent.username);
|
|
parent.students = students;
|
|
res.json(parent);
|
|
});
|
|
|
|
module.exports = router; |