diff --git a/server/src/modules/certificateModule/routes/addevent.js b/server/src/modules/certificateModule/routes/addevent.js index 615dc95b..c7ecafa5 100644 --- a/server/src/modules/certificateModule/routes/addevent.js +++ b/server/src/modules/certificateModule/routes/addevent.js @@ -5,10 +5,9 @@ const addEventController = new AddEventController(); const protectRoute = require("../../usermanagement/privateroute"); const ecmadminRoute = require("../../usermanagement/ecmadminroute"); const LockStatus = require("../helper/lockstatus"); -const { checkRole } = require("../../checkRole.middleware"); // Route to create a new event -addEventRouter.post("/", checkRole(['CM']), async (req, res) => { +addEventRouter.post("/", ecmadminRoute, async (req, res) => { try { const { user, ...eventData } = req.body; // extract userId from request body @@ -54,7 +53,7 @@ addEventRouter.get("/", async (req, res) => { // Route to update a specific event by ID -addEventRouter.put("/:eventId",checkRole(['CM'],true), async (req, res) => { +addEventRouter.put("/:eventId",ecmadminRoute, async (req, res) => { try { const eventId = req.params?.eventId; const updatedEvent = req.body; @@ -68,7 +67,7 @@ addEventRouter.put("/:eventId",checkRole(['CM'],true), async (req, res) => { }); -addEventRouter.get("/getevents", checkRole(['CM']), async (req, res) => { +addEventRouter.get("/getevents", ecmadminRoute, async (req, res) => { try { const user = req?.user?.id; const allEvents = await addEventController.getEventByUser(user); @@ -80,7 +79,7 @@ addEventRouter.get("/getevents", checkRole(['CM']), async (req, res) => { } }); -addEventRouter.post("/lock/:id", checkRole(['CM']), async (req, res) => { +addEventRouter.post("/lock/:id", ecmadminRoute, async (req, res) => { try { const eventId = req.params.id; await addEventController.lockEvent(eventId); 
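Review bot: The owner of the new event is still taken from the client (`const { user, ...eventData } = req.body;`) rather than from the authenticated session, so any caller accepted by `ecmadminRoute` can file an event under another user's id. The `/getevents` route in this file reads `req?.user?.id`, so the identity the middleware attaches is the value to use here: `const { user: _bodyUser, ...eventData } = req.body;` and `const user = req.user?.id;`, returning 401 when it is absent. Whether `ecmadminRoute` attaches `req.user` the way the removed `checkRole` did is not visible in this diff — confirm before relying on it. The handler body continues past the hunk.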
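Review bot: The per-event scope that `checkRole(['CM'], true)` was meant to enforce on `PUT /:eventId` is gone and nothing replaces it, so any caller accepted by `ecmadminRoute` can update any event by id. If events are owned per user (the `/getevents` route filters by `req.user.id`), load the event in the handler and respond 403 when its owner differs from `req.user?.id` before calling the update. If ECM admins are meant to be global, say so in a comment on the route (`// any ECM admin may edit any event; no ownership scope`) so the dropped check is not read as an oversight. The handler continues outside the hunk.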
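Review bot: `const user = req?.user?.id;` depends on `ecmadminRoute` attaching `req.user`, which the removed `checkRole` did but which the new middleware's code (not in this diff) may or may not do; if it does not, `user` is undefined and the behavior of `getEventByUser(undefined)` decides whether this returns nothing or every event. Guard it explicitly before the lookup: `if (!req.user?.id) return res.status(401).json({ message: "Unauthorized" });`. The handler continues past the hunk.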
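Review bot: `POST /lock/:id` locks an event with no check that the caller owns it — the same gap as the update route — and it names the parameter `:id` where every other route in this file uses `:eventId`. Renaming it to `/lock/:eventId` keeps the API consistent and lets any event-scoped middleware that reads `req.params.eventId` (as the removed `checkRole` did) apply here too, provided callers of this path are updated. The handler continues outside the hunk.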
diff --git a/server/src/modules/certificateModule/routes/certificate.js b/server/src/modules/certificateModule/routes/certificate.js index 3aebc3aa..9c80edd5 100644 --- a/server/src/modules/certificateModule/routes/certificate.js +++ b/server/src/modules/certificateModule/routes/certificate.js @@ -11,7 +11,7 @@ const { convertCertificateToImage, convertCertificateToPDF} = require("../contro const { convertallCertificates} = require("../controllers/convertAllCertificates") // Route to create a new certificate -certificateRouter.post("/content/:id", checkRole(['CM']), LockStatus, upload.any(),async (req, res) => { +certificateRouter.post("/content/:id", ecmadminRoute, LockStatus, upload.any(),async (req, res) => { try { console.log(req.files) const body = await convertToObject(req.params.id, req.body, req.files, req.baseURL) @@ -78,7 +78,7 @@ certificateRouter.get("/:certificateId", async (req, res) => { }); // Route to update a specific certificate by ID -certificateRouter.put('/:certificateId', checkRole(['CM']), LockStatus, async (req, res) => { +certificateRouter.put('/:certificateId', ecmadminRoute, LockStatus, async (req, res) => { try { const certificateId = req.params.certificateId; const updatedCertificate = req.body; @@ -93,7 +93,7 @@ certificateRouter.put('/:certificateId', checkRole(['CM']), LockStatus, async (r }); // Route to delete a specific certificate by ID -certificateRouter.delete("/:certificateId", checkRole(['CM']), LockStatus, async (req, res) => { +certificateRouter.delete("/:certificateId", ecmadminRoute, LockStatus, async (req, res) => { try { const certificateId = req.params?.certificateId; await certificateController.deletecertificateById(certificateId); diff --git a/server/src/modules/certificateModule/routes/emails.js b/server/src/modules/certificateModule/routes/emails.js index 4f3ad688..968f65f1 100644 --- a/server/src/modules/certificateModule/routes/emails.js +++ b/server/src/modules/certificateModule/routes/emails.js 
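Review bot: `console.log(req.files)` writes every uploaded file object to the server log on each request — with multer memory storage that includes the full `buffer` — so drop it or log only metadata, e.g. `console.log(req.files.map((f) => ({ field: f.fieldname, size: f.size })));`. `upload.any()` also accepts any number of files under any field name; if the form has known fields, `upload.fields([...])` with a `limits` option bounds what a caller can push into memory. This hunk does not show the top of certificate.js, so confirm that `ecmadminRoute` is required there (addevent.js and emails.js show the require in context) and that the now-unused `checkRole` import is removed. The handler continues past the hunk.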
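Review bot: `const updatedCertificate = req.body;` forwards the whole request body to the update, so any field the controller and model accept can be set by the caller — including server-controlled ones such as an owning event or lock state, if the model has them. Pick the editable fields explicitly, e.g. `const { name, content } = req.body;` with the real field names, and pass only those. The controller and model are outside this diff, so treat this as a point to verify rather than a confirmed hole. The handler continues outside the hunk.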
@@ -4,7 +4,7 @@ const { sendEmailsToParticipants } = require("../controllers/emails"); const { sendEmail } = require("../controllers/participantemail"); const ecmadminRoute = require("../../usermanagement/ecmadminroute"); -router.post("/send-emails/:eventId", checkRole(['CM']), async (req, res) => { +router.post("/send-emails/:eventId", ecmadminRoute, async (req, res) => { const eventId = req.params.eventId; const referer = req.get('Referer'); // Extract the host from the Referer URL @@ -27,7 +27,7 @@ router.post("/send-emails/:eventId", checkRole(['CM']), async (req, res) => { } }); -router.post("/send-email/:participantId",checkRole(['CM']), async (req, res) => { +router.post("/send-email/:participantId",ecmadminRoute, async (req, res) => { try { const participantId = req.params.participantId; const referer = req.get('Referer'); diff --git a/server/src/modules/certificateModule/routes/participant.js b/server/src/modules/certificateModule/routes/participant.js index e6c0f4f4..ef1a8dfe 100644 --- a/server/src/modules/certificateModule/routes/participant.js +++ b/server/src/modules/certificateModule/routes/participant.js @@ -20,7 +20,7 @@ const storage = multer.memoryStorage({ const upload = multer({ storage: storage }); // Route to create a new Batch participant -participantRouter.post("/batchupload/:eventId",checkRole(['CM']),LockStatus,upload.single('csvfile'), async (req, res) => { +participantRouter.post("/batchupload/:eventId",ecmadminRoute,LockStatus,upload.single('csvfile'), async (req, res) => { try { const fileBuffer = req.file.buffer; await participantController.addBatchparticipant(fileBuffer,req.params?.eventId); 
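Review bot: The host used for links in the outgoing mail comes from `req.get('Referer')`, a header the client controls and that browsers omit under common Referrer-Policy settings, so a crafted request can make every participant's email point at an attacker's host and a missing header yields `undefined`. Take the public origin from configuration instead, e.g. `const baseUrl = process.env.PUBLIC_BASE_URL;`, fail when it is unset, and do not consult Referer at all. How the extracted host is used is outside the hunk, so the phishing impact is inferred from the comment on that line. The handler continues past the hunk.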
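Review bot: This route repeats the Referer-derived host of `send-emails/:eventId`: `req.get('Referer')` is client-supplied and frequently absent, so it is neither a safe nor a reliable source for the link host in a participant's email. Use the same configured origin here (`process.env.PUBLIC_BASE_URL` or the project's equivalent) so both mail routes agree. The handler continues past the hunk.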
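Review bot: `req.file.buffer` is read without checking that a `csvfile` part was sent; a request without one throws a TypeError that the surrounding `catch` (outside the hunk) presumably turns into a 500 rather than a 400. Add `if (!req.file) return res.status(400).json({ message: "csvfile is required" });` before reading the buffer. The `const upload = multer({ storage: storage });` line in context sets no `limits`, so with memory storage a large upload is buffered whole; `multer({ storage, limits: { fileSize: 5 * 1024 * 1024 } })` (with a size that fits the expected CSVs) bounds it. The handler continues past the hunk.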
@@ -35,7 +35,7 @@ participantRouter.post("/batchupload/:eventId",checkRole(['CM']),LockStatus,uplo }); // Route to create a new participant -participantRouter.post("/addparticipant/:eventId",checkRole(['CM']),LockStatus, async (req, res) => { +participantRouter.post("/addparticipant/:eventId",ecmadminRoute,LockStatus, async (req, res) => { try { const newparticipant=await participantController.addparticipant(req.body,req.params.eventId); return res.status(200).json(newparticipant); @@ -75,7 +75,7 @@ participantRouter.get("/getoneparticipant/:participantId", async (req, res) => { }); // Route to update a specific participant by ID -participantRouter.put('/addparticipant/:participantId',checkRole(['CM']),LockStatus, async (req, res) => { +participantRouter.put('/addparticipant/:participantId',ecmadminRoute,LockStatus, async (req, res) => { try { const participantId = req.params?.participantId; const updatedParticipant = req.body; @@ -90,7 +90,7 @@ participantRouter.put('/addparticipant/:participantId',checkRole(['CM']),LockSta }); // Route to delete a specific participant by ID -participantRouter.delete("/deleteparticipant/:participantId",checkRole(['CM']),LockStatus, async (req, res) => { +participantRouter.delete("/deleteparticipant/:participantId",ecmadminRoute,LockStatus, async (req, res) => { try { const participantId = req.params?.participantId; await participantController.deleteparticipantById(participantId); diff --git a/server/src/modules/checkRole.middleware.js b/server/src/modules/checkRole.middleware.js index 06fdedef..0437f4a2 100644 --- a/server/src/modules/checkRole.middleware.js +++ b/server/src/modules/checkRole.middleware.js 
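Review bot: `PUT /addparticipant/:participantId` reuses the `addparticipant` segment of the create route with a different parameter (`:eventId` there, `:participantId` here), so the same path prefix means two different ids depending on the verb, which is easy to misread and easy to mis-wire in a client. A distinct path such as `/participant/:participantId` for update and delete would make the id's meaning explicit, with the old path kept as an alias if clients already depend on it. The update also forwards `req.body` whole to the controller; restrict it to the editable fields if the model has any server-controlled ones. The handler continues past the hunk.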
@@ -1,11 +1,10 @@ const jwt = require("jsonwebtoken"); const jwtSecret = "ad8cfdfe03c3076a4acb369ec18fbfc26b28bc78577b64da02646cd7bd0fe9c7d97cab"; -const { addEvent } = require("../models/certificateModule/addevent"); -const checkRole = (requiredRoles, checkEvent = false) => { - return async (req, res, next) => { +const checkRole = (roles) => { + return (req, res, next) => { const token = req.cookies.jwt; - console.log(token); + if (!token) { return res.status(401).json({ message: "Unauthorized" }); } 
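Review bot: The HMAC secret stays as a literal in source (`const jwtSecret = "ad8c…cab";`) on the new side, and this diff has now published it, so every token signed with it must be treated as forgeable until the secret is rotated. Load it from the environment — the same variable the token issuer reads, which is not in this diff — and fail at startup when it is missing: `const jwtSecret = process.env.JWT_SECRET;` followed by `if (!jwtSecret) throw new Error("JWT_SECRET is not set");`. Removing `console.log(token)` is right; the same applies to any other logging of the session cookie elsewhere. `checkRole` continues in the next hunk.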
@@ -13,44 +12,26 @@ const checkRole = (requiredRoles, checkEvent = false) => { try { // Verify the token const decoded = jwt.verify(token, jwtSecret); - const userId = decoded.id; - const userRoles = decoded.role; // Extract the roles from the token - // console.log(userRoles); - + // The token is valid, and 'decoded' contains user information including roles + const userId = decoded.id; + const userRoles = decoded.roles; // Ensure roles are correctly decoded - // Check if the user has the 'superadmin' role and skip further checks if they do - if (userRoles.includes('admin')) { - req.user = { id: userId, roles: userRoles }; - return next(); - } + // Attach the user details to the 'req' object + req.user = { + id: userId, + roles: userRoles, + }; // Check if the user has the required role - const hasRequiredRole = requiredRoles.some(role => userRoles.includes(role)); - if (!hasRequiredRole) { + if (!roles.some(role => userRoles.includes(role))) { return res.status(403).json({ message: "Forbidden" }); } - // If event check is required, check if the user is assigned to the specific event - if (checkEvent) { - const eventId = req.params.eventId; // Get eventId from req.params - const event = await addEvent.findById(eventId); - - if (!event) { - return res.status(404).json({ message: "Event not found" }); - } - - const isAssignedToEvent = addEvent.user === userId; - if (!isAssignedToEvent) { - return res.status(403).json({ message: "Forbidden" }); - } - } - - // Attach the user details to the 'req' object - req.user = { id: userId, roles: userRoles }; + // Allow the request to proceed next(); } catch (err) { - return res.status(401).json({ message: "Unauthorizedddd" }); + return res.status(401).json({ message: "Unauthorized" }); } }; }; diff --git a/server/src/modules/quizModule/faculty/routes/index.js b/server/src/modules/quizModule/faculty/routes/index.js index b744ffbe..fecb1758 100644 --- a/server/src/modules/quizModule/faculty/routes/index.js 
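Review bot: `const userRoles = decoded.roles;` renames the claim the old code read (`decoded.role`); if the issuer still writes `role`, `userRoles` is undefined, `userRoles.includes` throws, and the `catch` turns every request into an unlogged 401 — confirm the claim name against the sign-in code, which is not in this diff. Make the check robust to a missing or non-array claim (a string claim would also pass `.includes` as a substring match) so a wrong shape yields 403 instead of a TypeError: `const userRoles = Array.isArray(decoded.roles) ? decoded.roles : [];`. Pin the accepted algorithm on verify as well, `jwt.verify(token, jwtSecret, { algorithms: ["HS256"] })` (or whatever the issuer uses), so a change on the issuer side cannot widen what this middleware accepts. The `admin` bypass and the per-event check are removed together and the routes in this commit no longer call `checkRole`; if it stays exported, state its new contract above it: `// Passes when the JWT roles claim contains any entry of roles; no admin bypass, no per-event scope.`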
+++ b/server/src/modules/quizModule/faculty/routes/index.js @@ -1,19 +1,18 @@ const express = require("express"); const router = express.Router(); -// const facultyRoute = require("../../../usermanagement/facultyroute"); -const { checkRole } = require("../../checkRole.middleware"); +const facultyRoute = require("../../../usermanagement/facultyroute"); // quiz -router.use('/quiz', checkRole(['FACULTY']), require("./quiz")); -router.use('/quiz/quizzes', checkRole(['FACULTY']), require("./quiz")); -router.use('/quiz/:code', checkRole(['FACULTY']), require("./quiz")); +router.use('/quiz', facultyRoute, require("./quiz")); +router.use('/quiz/quizzes', facultyRoute, require("./quiz")); +router.use('/quiz/:code', facultyRoute, require("./quiz")); // questions -router.use('/quiz/:code/questions', checkRole(['FACULTY']), require("./quiz")); -router.use('/quiz/:code/questions/:id', checkRole(['FACULTY']), require("./quiz")); +router.use('/quiz/:code/questions', facultyRoute, require("./quiz")); +router.use('/quiz/:code/questions/:id', facultyRoute, require("./quiz")); // response -router.use('/quiz/:code/response', checkRole(['FACULTY']), require("./quiz")) -router.use('/quiz/:code/results/summary', checkRole(['FACULTY']), require("./quiz")) +router.use('/quiz/:code/response', facultyRoute, require("./quiz")) +router.use('/quiz/:code/results/summary', facultyRoute, require("./quiz")) module.exports = router; diff --git a/server/src/modules/quizModule/faculty/routes/quiz.js b/server/src/modules/quizModule/faculty/routes/quiz.js index e21785cc..5e199f31 100644 --- a/server/src/modules/quizModule/faculty/routes/quiz.js +++ b/server/src/modules/quizModule/faculty/routes/quiz.js 
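Review bot: Only the first mount does any work — `router.use('/quiz', facultyRoute, require("./quiz"))` already serves `/quiz/quizzes`, `/quiz/:code/questions/:id` and the rest because quiz.js defines those sub-paths — while the six further mounts of the same router under longer prefixes create aliases through Express prefix matching, e.g. `DELETE /quiz/x/questions/y/<code>` reaches `quizRouter.delete("/:code")` via the `/quiz/:code/questions/:id` mount. Authorization is not bypassed, since `facultyRoute` and `quizBelongsToUser` still run on the aliased route, but the aliases are surprising and every extra mount runs `facultyRoute` once more per request. Keep the single line `router.use('/quiz', facultyRoute, require("./quiz"));`, delete the others, and note in a comment that quiz.js owns the sub-paths.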
@@ -3,10 +3,9 @@ const quizRouter = express.Router(); const QuizController = require('../controllers/quiz'); const quizController = new QuizController(); const { quizBelongsToUser } = require('../controllers/helper'); -// const facultyRoute = require("../../../usermanagement/facultyroute"); -const { checkRole } = require("../../checkRole.middleware"); +const facultyRoute = require("../../../usermanagement/facultyroute"); -quizRouter.post("/",checkRole(['FACULTY']), async (req, res) => { +quizRouter.post("/",facultyRoute, async (req, res) => { try { await quizController.createQuiz(req, res); } catch (e) { @@ -15,7 +14,7 @@ quizRouter.post("/",checkRole(['FACULTY']), async (req, res) => { }); -quizRouter.get("/quizzes", checkRole(['FACULTY']), async (req, res) => { +quizRouter.get("/quizzes", facultyRoute, async (req, res) => { try { await quizController.getAllQuiz(req, res); } catch (e) { @@ -23,7 +22,7 @@ quizRouter.get("/quizzes", checkRole(['FACULTY']), async (req, res) => { } }); -quizRouter.get("/:code", checkRole(['FACULTY']), async (req, res) => { +quizRouter.get("/:code", facultyRoute, async (req, res) => { try { await quizController.getQuizByCode(req, res); } catch (e) { @@ -31,7 +30,7 @@ quizRouter.get("/:code", checkRole(['FACULTY']), async (req, res) => { } }); -quizRouter.put("/:code", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => { +quizRouter.put("/:code", facultyRoute, quizBelongsToUser, async (req, res) => { try { await quizController.editQuizByCode(req, res); } catch (e) { @@ -39,7 +38,7 @@ quizRouter.put("/:code", checkRole(['FACULTY']), quizBelongsToUser, async (req, } }); -quizRouter.delete("/:code", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => { +quizRouter.delete("/:code", facultyRoute, quizBelongsToUser, async (req, res) => { try { await quizController.deleteQuiz(req, res); } catch (e) { 
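Review bot: `facultyRoute` is applied a second time on every route in this file even though index.js already mounts this router behind `router.use('/quiz', facultyRoute, …)`, so each request verifies the session at least twice. Either layer alone is sufficient; keeping it at the mount point gives the simpler invariant — every path under `/quiz` is faculty-only — with a comment here: `// Authentication is applied by the /quiz mount in routes/index.js; routes in this file only add ownership checks.` If the per-route guard is kept deliberately as defense in depth, say so in the same place so the next reader does not remove one of the two by accident.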
@@ -49,7 +48,7 @@ quizRouter.delete("/:code", checkRole(['FACULTY']), quizBelongsToUser, async (re // Questions -quizRouter.post("/:code/questions", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => { +quizRouter.post("/:code/questions", facultyRoute, quizBelongsToUser, async (req, res) => { try { await quizController.addQuizQuestion(req, res); } catch (e) { @@ -57,7 +56,7 @@ quizRouter.post("/:code/questions", checkRole(['FACULTY']), quizBelongsToUser, a } }); -quizRouter.put("/:code/questions/:id", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => { +quizRouter.put("/:code/questions/:id", facultyRoute, quizBelongsToUser, async (req, res) => { try { await quizController.editQuizQuestion(req, res); } catch (e) { @@ -65,7 +64,7 @@ quizRouter.put("/:code/questions/:id", checkRole(['FACULTY']), quizBelongsToUser } }); -quizRouter.get("/:code/questions", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => { +quizRouter.get("/:code/questions", facultyRoute, quizBelongsToUser, async (req, res) => { try { await quizController.getAllQuestion(req, res); } catch (e) { @@ -73,7 +72,7 @@ quizRouter.get("/:code/questions", checkRole(['FACULTY']), quizBelongsToUser, as } }); -quizRouter.get("/:code/questions/:id", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => { +quizRouter.get("/:code/questions/:id", facultyRoute, quizBelongsToUser, async (req, res) => { try { await quizController.findQuestionById(req, res); } catch (e) { @@ -81,7 +80,7 @@ quizRouter.get("/:code/questions/:id", checkRole(['FACULTY']), quizBelongsToUser } }); -quizRouter.delete("/:code/questions/:id", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => { +quizRouter.delete("/:code/questions/:id", facultyRoute, quizBelongsToUser, async (req, res) => { try { await quizController.deleteQuizQuestion(req, res); } catch (e) { 
@@ -92,7 +91,7 @@ quizRouter.delete("/:code/questions/:id", checkRole(['FACULTY']), quizBelongsToU // testing pending -quizRouter.delete("/:code/response", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => { +quizRouter.delete("/:code/response", facultyRoute, quizBelongsToUser, async (req, res) => { try { await quizController.deleteQuizResponse(req, res); } catch (e) { @@ -101,7 +100,7 @@ quizRouter.delete("/:code/response", checkRole(['FACULTY']), quizBelongsToUser, }); -quizRouter.get("/:code/results/summary", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => { +quizRouter.get("/:code/results/summary", facultyRoute, quizBelongsToUser, async (req, res) => { try { await quizController.studentResultSummary(req, res); } catch (e) {
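Review bot: `DELETE /:code/response` is still marked `// testing pending` and, after this change, is reachable by any faculty user who passes `quizBelongsToUser`; a destructive endpoint should not ship with that marker. Add a route test covering 401 with no cookie, 403 for a quiz the user does not own, and the success path, then remove the comment. The handler continues past the hunk.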