Added Class.hasAccess to validate user input and add security

2026-01-01 20:59:30 +00:00 · 2022-03-04 22:39:56 +00:00
parent df1c572e14
commit ec87a77dd2
2 changed files with 11 additions and 0 deletions
--- a/lib/Class.js
+++ b/lib/Class.js
@@ -196,6 +196,14 @@ class Class {
 		return await Promise.all(testObjects);
 	}

+	async hasAccess(u) {
+		const userClasses = await u.getClasses();
+
+		return userClasses.filter(c => {
+			return c.id === this.id;
+		}).length;
+	}
+
 	addTeacher() {

 	}
--- a/routes/class.js
+++ b/routes/class.js
@@ -31,6 +31,9 @@ router.get('/class/:id', async (req, res) => {
 		});
 	}

+	if (!await c.hasAccess(await new User(null, req.session.userId)))
+		return res.redirect('/admin/classes');
+
 	const linkRoot = `/class/${c.id}`;

 	return res.render('class', {