Added Class.hasAccess to validate user input and add security

2026-01-02 01:19:31 +00:00 · 2022-03-04 22:39:56 +00:00
parent df1c572e14
commit ec87a77dd2
2 changed files with 11 additions and 0 deletions
--- a/lib/Class.js
+++ b/lib/Class.js
@@ -196,6 +196,14 @@ class Class {
 		return await Promise.all(testObjects);
 	}
 	async hasAccess(u) {
 		const userClasses = await u.getClasses();
 		return userClasses.filter(c => {
 			return c.id === this.id;
 		}).length;
 	}
 	addTeacher() {
 	}
--- a/routes/class.js
+++ b/routes/class.js
@@ -31,6 +31,9 @@ router.get('/class/:id', async (req, res) => {
 		});
 	}
 	if (!await c.hasAccess(await new User(null, req.session.userId)))
 		return res.redirect('/admin/classes');
 	const linkRoot = `/class/${c.id}`;
 	return res.render('class', {