From cb73a7c7634a89616e483bc6e93bc19dbf4e59a7 Mon Sep 17 00:00:00 2001
From: Bennett F Forkner
Date: Thu, 5 Sep 2024 15:50:17 -0400
Subject: [PATCH 1/3] Add SYB to schedules
---
 Gordon360/Authorization/StateYourBusiness.cs | 4 +++-
 Gordon360/Controllers/ScheduleController.cs | 2 ++
 Gordon360/Static Classes/Names.cs | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/Gordon360/Authorization/StateYourBusiness.cs b/Gordon360/Authorization/StateYourBusiness.cs
index f85621ce5..5bad337c9 100644
--- a/Gordon360/Authorization/StateYourBusiness.cs
+++ b/Gordon360/Authorization/StateYourBusiness.cs
@@ -70,7 +70,7 @@ public async override Task OnActionExecutionAsync(ActionExecutingContext actionC
 _recimParticipantService = context.HttpContext.RequestServices.GetRequiredService(); _recimTeamService = context.HttpContext.RequestServices.GetRequiredService(); _recimActivityService = context.HttpContext.RequestServices.GetRequiredService(); - + user_name = AuthUtils.GetUsername(authenticatedUser); user_groups = AuthUtils.GetGroups(authenticatedUser);
@@ -188,6 +188,8 @@ private async Task CanReadOneAsync(string resource)
 }
 case Resource.NEWS:
 return true;
+ case Resource.STUDENT_SCHEDULE:
+ return user_groups.Contains(AuthGroup.Advisors);
 default:
 return false;
 }
diff --git a/Gordon360/Controllers/ScheduleController.cs b/Gordon360/Controllers/ScheduleController.cs
index bb3a20f8b..7253adc55 100644
--- a/Gordon360/Controllers/ScheduleController.cs
+++ b/Gordon360/Controllers/ScheduleController.cs
@@ -2,6 +2,7 @@
 using Gordon360.Enums;
 using Gordon360.Models.ViewModels;
 using Gordon360.Services;
+using Gordon360.Static.Names;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
 using System.Linq;
@@ -19,6 +20,7 @@ public class ScheduleController(IScheduleService scheduleService) : ControllerBa
 /// A IEnumerable of session objects as well as the schedules
 [HttpGet]
 [Route("{username}/allcourses")]
+ [StateYourBusiness(operation = Operation.READ_ONE, resource = Resource.STUDENT_SCHEDULE)]
 public async Task> GetAllCourses(string username)
 {
 IEnumerable result = await scheduleService.GetAllCoursesAsync(username);
diff --git a/Gordon360/Static Classes/Names.cs b/Gordon360/Static Classes/Names.cs
index c852e7e75..c41090a56 100644
--- a/Gordon360/Static Classes/Names.cs
+++ b/Gordon360/Static Classes/Names.cs
@@ -36,6 +36,7 @@ public static class Resource
 public const string RECIM_PARTICIPANT_ADMIN = "The admin status of a RecIM participating user";
 public const string RECIM_SUPER_ADMIN = "A RecIM director level resource";
 public const string RECIM_SURFACE = "RecIM Surfaces/Playing fields/Locations";
+ public const string STUDENT_SCHEDULE = "A student's schedule events";
 // Partial resources, to be targetted by Operation.READ_PARTIAL
 public const string MEMBERSHIP_REQUEST_BY_ACTIVITY = "Membership Request Resources associated with an activity";
From cd53dfd07b24af612e0808d1d341779eeb4b1679 Mon Sep 17 00:00:00 2001
From: Bennett F Forkner
Date: Thu, 5 Sep 2024 16:11:42 -0400
Subject: [PATCH 2/3] add additional cases for viewing schedules
---
 Gordon360/Authorization/StateYourBusiness.cs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/Gordon360/Authorization/StateYourBusiness.cs b/Gordon360/Authorization/StateYourBusiness.cs
index 5bad337c9..865f3962c 100644
--- a/Gordon360/Authorization/StateYourBusiness.cs
+++ b/Gordon360/Authorization/StateYourBusiness.cs
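Review bot: The attribute added above `GetAllCourses` makes the parameter name load-bearing, and nothing in the hunk records that. As written in PATCH 2/3 of this series, the `STUDENT_SCHEDULE` case reads `context.ActionArguments["username"]`, so renaming the `username` parameter or the `{username}` route token would break the check at run time with no compiler warning. A comment above the attribute would capture it, for example `// StateYourBusiness reads the "username" action argument to decide access; keep the parameter name in sync.` Only this action is visible in the hunk and the class body continues outside it, so it is worth confirming that any other route in `ScheduleController` that takes a username carries the same attribute.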
@@ -45,6 +45,7 @@ public class StateYourBusiness : ActionFilterAttribute
 private IMembershipService _membershipService;
 private IMembershipRequestService _membershipRequestService;
 private INewsService _newsService;
+ private IAccountService _accountService;
 //RecIM services
 private IParticipantService _recimParticipantService;
@@ -65,6 +66,7 @@ public async override Task OnActionExecutionAsync(ActionExecutingContext actionC
 _membershipRequestService = context.HttpContext.RequestServices.GetRequiredService();
 _newsService = context.HttpContext.RequestServices.GetRequiredService();
 _CCTContext = context.HttpContext.RequestServices.GetService();
+ _accountService = context.HttpContext.RequestServices.GetRequiredService();
 // set RecIM services
 _recimParticipantService = context.HttpContext.RequestServices.GetRequiredService();
@@ -189,7 +191,9 @@ private async Task CanReadOneAsync(string resource)
 case Resource.NEWS:
 return true;
 case Resource.STUDENT_SCHEDULE:
- return user_groups.Contains(AuthGroup.Advisors);
+ if (context.ActionArguments["username"] is string viewed_username)
+ return user_groups.Contains(AuthGroup.Advisors) || viewed_username.EqualsIgnoreCase(user_name) || _accountService.GetAccountByUsername(viewed_username).AccountType.EqualsIgnoreCase("FACULTY");
+ return false;
 default:
 return false;
 }
From e5f12b62bcd80aa4fb8b491c5298ca15ecbb4ddc Mon Sep 17 00:00:00 2001
From: Bennettforkner
Date: Wed, 11 Sep 2024 10:11:57 -0400
Subject: [PATCH 3/3] Make schedule controller implement GordonControllerBase
---
 Gordon360/Controllers/ScheduleController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gordon360/Controllers/ScheduleController.cs b/Gordon360/Controllers/ScheduleController.cs
index 7253adc55..0b653ee2c 100644
--- a/Gordon360/Controllers/ScheduleController.cs
+++ b/Gordon360/Controllers/ScheduleController.cs
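Review bot: In the second hunk of PATCH 2/3 (`OnActionExecutionAsync`), `_accountService` is resolved from the current request's `RequestServices` but stored in an instance field of the attribute, the same way the neighbouring services are. MVC normally reuses a single attribute instance across requests for an action unless the filter is created through `IFilterFactory`. If that holds here, concurrent requests can overwrite each other's fields, and the `STUDENT_SCHEDULE` check in the third hunk could run against another caller's `context`, `user_name` or service scope. How this filter is registered is not visible in these hunks, so confirm that first. If instances are shared, resolve the service into a local and pass it to the check as a parameter, rather than adding the field `private IAccountService _accountService;` from the first hunk.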
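Review bot: The `STUDENT_SCHEDULE` case in the third hunk of PATCH 2/3 (`CanReadOneAsync`) can throw instead of denying. `context.ActionArguments["username"]` uses the dictionary indexer, which raises `KeyNotFoundException` when the action has no bound `username` argument, and `.AccountType` is dereferenced on whatever `GetAccountByUsername` returns for a name that may not exist. Whether that service returns null or throws for an unknown account is not visible here, so the null handling below is an assumption to confirm. The rewrite fails closed on a missing argument, runs the identity checks before the account lookup, and adds a comment stating that any signed-in user may read a faculty schedule, which the single `||` chain currently hides. The `switch` and the rest of `CanReadOneAsync` lie outside the hunk.

```csharp
case Resource.STUDENT_SCHEDULE:
{
    // Fail closed when the action has no string "username" argument.
    if (!context.ActionArguments.TryGetValue("username", out var arg) || arg is not string viewed_username)
        return false;

    // Advisors may read any schedule; everyone may read their own.
    if (user_groups.Contains(AuthGroup.Advisors) || viewed_username.EqualsIgnoreCase(user_name))
        return true;

    // Faculty schedules are readable by any signed-in user; an unknown account is denied.
    var viewed_account = _accountService.GetAccountByUsername(viewed_username);
    return viewed_account?.AccountType?.EqualsIgnoreCase("FACULTY") ?? false;
}
// … unchanged: default case …
```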
@@ -11,7 +11,7 @@ namespace Gordon360.Controllers; [Route("api/[controller]")] -public class ScheduleController(IScheduleService scheduleService) : ControllerBase +public class ScheduleController(IScheduleService scheduleService) : GordonControllerBase { ///