fix

UniversityOfHelsinkiCS · Sep 17, 2024 · c268a44 · c268a44
1 parent 638f5e5
commit c268a44
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 5 deletions.
diff --git a/src/client/components/Admin/Statistics.tsx b/src/client/components/Admin/Statistics.tsx
@@ -20,6 +20,7 @@ import useStatistics from '../../hooks/useStatistics'
 import { Statistic } from '../../types'
 import programme from '../../locales/programme.json'
 import faculties from '../../locales/faculties.json'
+import useCurrentUser from '../../hooks/useCurrentUser'
 
 const Statistics = () => {
   const [from, setFrom] = useState(1)
@@ -28,8 +29,9 @@ const Statistics = () => {
   const { statistics, isLoading } = useStatistics()
   const { t, i18n } = useTranslation()
   const { language } = i18n
+  const { user, isLoading: isUserLoading } = useCurrentUser()
 
-  if (isLoading) return null
+  if (isLoading || isUserLoading) return null
 
   const namesOf = (codes: string[]) => {
     if (!codes || codes.length === 0) return ''
@@ -157,9 +159,13 @@ const Statistics = () => {
                     <Typography>{chat.codes.join(', ')}</Typography>
                   </TableCell>
                   <TableCell align="left">
-                    <Link to={`/courses/${chat.id}`} component={RouterLink}>
+                    {user.isAdmin ? (
+                      <Link to={`/courses/${chat.id}`} component={RouterLink}>
+                        <Typography>{chat.name[language]}</Typography>
+                      </Link>
+                    ) : (
                       <Typography>{chat.name[language]}</Typography>
-                    </Link>
+                    )}
                   </TableCell>
                   <TableCell align="left">
                     <Typography>

diff --git a/src/server/routes/course.ts b/src/server/routes/course.ts
@@ -94,8 +94,20 @@ courseRouter.get('/statistics/:id', async (req, res) => {
   return res.send({ average, usagePercentage, usages: normalizedUsage })
 })
 
+interface AcualResponsibility {
+  id: string
+  user: {
+    id: string
+    username: string
+    last_name: string
+    first_names: string
+  }
+}
+
 courseRouter.get('/:id', async (req, res) => {
   const { id } = req.params
+  const request = req as unknown as RequestWithUser
+  const { user } = request
 
   const include = [
     {
@@ -134,10 +146,16 @@ courseRouter.get('/:id', async (req, res) => {
     },
   ]
 
-  const chatInstance = await ChatInstance.findOne({
+  const chatInstance = (await ChatInstance.findOne({
     where: { courseId: id },
     include,
-  })
+  })) as ChatInstance & { responsibilities: AcualResponsibility[] }
+
+  const canAccess =
+    user.isAdmin ||
+    chatInstance.responsibilities.map((r) => r.user.id).includes(user.id)
+
+  if (!canAccess) throw new Error('Unauthorized')
 
   return res.send(chatInstance)
 })