gordon-cs · EjPlatzer · Sep 5, 2024 · Sep 5, 2024 · Sep 5, 2024 · EjPlatzer
diff --git a/Gordon360/Authorization/StateYourBusiness.cs b/Gordon360/Authorization/StateYourBusiness.cs
@@ -45,6 +45,7 @@
  private IMembershipService _membershipService;
  private IMembershipRequestService _membershipRequestService;
  private INewsService _newsService;
+ private IAccountService _accountService;
 
  //RecIM services
  private IParticipantService _recimParticipantService;
@@ -64,13 +65,14 @@
 _membershipService = context.HttpContext.RequestServices.GetRequiredService<IMembershipService>();
  _membershipRequestService = context.HttpContext.RequestServices.GetRequiredService<IMembershipRequestService>();
  _newsService = context.HttpContext.RequestServices.GetRequiredService<INewsService>();
  _CCTContext = context.HttpContext.RequestServices.GetService<CCTContext>();
+ _accountService = context.HttpContext.RequestServices.GetRequiredService<IAccountService>();
 
  // set RecIM services
  _recimParticipantService = context.HttpContext.RequestServices.GetRequiredService<IParticipantService>();
  _recimTeamService = context.HttpContext.RequestServices.GetRequiredService<ITeamService>();
  _recimActivityService = context.HttpContext.RequestServices.GetRequiredService<Services.RecIM.IActivityService>();
-
+ 
  user_name = AuthUtils.GetUsername(authenticatedUser);
  user_groups = AuthUtils.GetGroups(authenticatedUser);
 
@@ -106,7 +108,7 @@
 /*
 * Operations
 */
 private async Task<bool> CanReadOneAsync(string resource)
 {
 // User is admin
 if (user_groups.Contains(AuthGroup.SiteAdmin))
@@ -188,6 +190,10 @@
  }
  case Resource.NEWS:
  return true;
+ case Resource.STUDENT_SCHEDULE:
+ if (context.ActionArguments["username"] is string viewed_username)
+ return user_groups.Contains(AuthGroup.Advisors) || viewed_username.EqualsIgnoreCase(user_name) || _accountService.GetAccountByUsername(viewed_username).AccountType.EqualsIgnoreCase("FACULTY");
+ return false;
  default: return false;
 
  }

diff --git a/Gordon360/Controllers/ScheduleController.cs b/Gordon360/Controllers/ScheduleController.cs
@@ -2,6 +2,7 @@
 using Gordon360.Enums;
 using Gordon360.Models.ViewModels;
 using Gordon360.Services;
+using Gordon360.Static.Names;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
 using System.Linq;
@@ -19,6 +20,7 @@
  /// <returns>A IEnumerable of session objects as well as the schedules</returns>
  [HttpGet]
  [Route("{username}/allcourses")]
+ [StateYourBusiness(operation = Operation.READ_ONE, resource = Resource.STUDENT_SCHEDULE)]
  public async Task<ActionResult<CoursesBySessionViewModel>> GetAllCourses(string username)
  {
  IEnumerable<CoursesBySessionViewModel> result = await scheduleService.GetAllCoursesAsync(username);
@@ -32,7 +34,7 @@
 /// <returns>Whether they can read student schedules</returns>
 [HttpGet]
 [Route("canreadstudent")]
 public async Task<ActionResult<bool>> GetCanReadStudentSchedules()
 {
 var groups = AuthUtils.GetGroups(User);
 return groups.Contains(AuthGroup.Advisors);

diff --git a/Gordon360/Static Classes/Names.cs b/Gordon360/Static Classes/Names.cs
@@ -36,6 +36,7 @@ public static class Resource
  public const string RECIM_PARTICIPANT_ADMIN = "The admin status of a RecIM participating user";
  public const string RECIM_SUPER_ADMIN = "A RecIM director level resource";
  public const string RECIM_SURFACE = "RecIM Surfaces/Playing fields/Locations";
+ public const string STUDENT_SCHEDULE = "A student's schedule events";
 
  // Partial resources, to be targetted by Operation.READ_PARTIAL
  public const string MEMBERSHIP_REQUEST_BY_ACTIVITY = "Membership Request Resources associated with an activity";