Data permission check.

bcgov · Sep 18, 2024 · 1e0ce6a · 1e0ce6a
1 parent 7b85f1e
commit 1e0ce6a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/backend/src/components/permissionUtils.js b/backend/src/components/permissionUtils.js
@@ -185,11 +185,19 @@ function checkAnyEdxUserSignoffPermission(permissions) {
  message: 'User doesn\'t have permission.'
  });
  }
- log.info('proceed to next');
  return next();
  };
 }
 
+function checkPermissionForSignOff(req, res, next) {
+ if (!req.session.activeInstitutePermissions.includes(req.body.districtSignatoryRole)) {
+ return res.status(HttpStatus.FORBIDDEN).json({
+ message: 'User doesn\'t have permission.'
+ });
+ }
+ return next();
+}
+
 //Find Institute IDs
 function findInstituteInformation_query(req, res, next) {
  res.locals.requestedInstituteType = req.query.schoolID ? 'SCHOOL' : 'DISTRICT';
@@ -591,7 +599,8 @@ const permUtils = {
  checkSdcDuplicateAccess,
  checkUserAccessToDuplicateSdcSchoolCollections,
  checkDistrictBelongsInSdcDistrictCollection,
- checkAnyEdxUserSignoffPermission
+ checkAnyEdxUserSignoffPermission,
+ checkPermissionForSignOff
 };
 
 module.exports = permUtils;
diff --git a/backend/src/routes/sdc.js b/backend/src/routes/sdc.js